Published:2025/07/11 Last Updated:2025/07/11
JVNVU#91657555
Firebox T15 contains an issue with hidden functionality
Overview
Firebox T15 provided by WatchGuard Technologies contains an issue with hidden functionality.
Products Affected
- Firebox T15 firmware versions prior to 12.11.3
Description
Firebox T15 provided by WatchGuard Technologies contains the following vulnerability.
- Hidden functionality (CWE-912)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
- CVE-2025-4106
Impact
An attacker may log into the product with an administrative privilege to use the WG Shell (CLI) and then use the shell with the root privilege.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
WatchGuard Technologies | WGSA-2025-00010 WatchGuard Firebox Leftover Debug Code Vulnerability |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.