CVE-2025-4106 - Vulnerability Details - OpenCVE

An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command.

This issue affects Fireware OS: from 12.0 before 12.11.2.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00010

History

Fri, 24 Oct 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0 before 12.11.2.
Title		WatchGuard Firebox leftover debug code vulnerability
Weaknesses		CWE-489
References		https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00010
Metrics		cvssV4_0 `{'score': 8.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published: 2025-10-24T21:32:30.165Z

Updated: 2025-10-24T21:32:30.165Z

Reserved: 2025-04-30T00:34:47.769Z

Link: CVE-2025-4106

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-24T22:15:40.653

Modified: 2025-10-24T22:15:40.653

Link: CVE-2025-4106

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4106", "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "state": "PUBLISHED", "assignerShortName": "WatchGuard", "dateReserved": "2025-04-30T00:34:47.769Z", "datePublished": "2025-10-24T21:32:30.165Z", "dateUpdated": "2025-10-24T21:32:30.165Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fireware OS", "vendor": "WatchGuard", "versions": [{"lessThan": "12.11.2", "status": "affected", "version": "12.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div>An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command.</div></div><p>This issue affects Fireware OS: from 12.0 before 12.11.2.</p>"}], "value": "An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command.\n\n\n\nThis issue affects Fireware OS: from 12.0 before 12.11.2."}], "impacts": [{"capecId": "CAPEC-121", "descriptions": [{"lang": "en", "value": "CAPEC-121 Exploit Non-Production Interfaces"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.9, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-489", "description": "CWE-489 Active Debug Code", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "shortName": "WatchGuard", "dateUpdated": "2025-10-24T21:32:30.165Z"}, "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00010"}], "source": {"advisory": "WGSA-2025-00010", "defect": ["FBX-29549"], "discovery": "UNKNOWN"}, "title": "WatchGuard Firebox leftover debug code vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command.\n\n\n\nThis issue affects Fireware OS: from 12.0 before 12.11.2."}], "id": "CVE-2025-4106", "lastModified": "2025-10-24T22:15:40.653", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}, "published": "2025-10-24T22:15:40.653", "references": [{"source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00010"}], "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-489"}], "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}