Impact
An authenticated administrator can trigger a denial‑of‑service condition in the Fireware Management Web UI by sending malformed data to the put_data endpoint. The vulnerability stems from unsafe deserialization of attacker‑supplied input, allowing the application to consume corrupted objects and halt processing. The resulting disruption affects the availability of the web UI and any services that rely on it, potentially preventing administrators from performing management tasks.
Affected Systems
The flaw affects WatchGuard Fireware OS versions 12.0, 12.5, and 2025.1.
Risk and Exploitability
The CVSS score of 6.9 indicates medium‑to‑high severity. No EPSS score is available, so the likelihood of exploitation cannot be quantified, and the vulnerability is not listed in CISA's KEV catalog. The attack requires an authenticated administrator‑level user and is carried out over the web interface, so the attack vector is web‑based. An attacker who gains or already possesses administrative credentials can send crafted requests to trigger the denial‑of‑service condition without needing additional privileges.
OpenCVE Enrichment