Published:2025/07/11  Last Updated:2025/07/11

JVNVU#91657555
Firebox T15 contains an issue with hidden functionality

Overview

Firebox T15 provided by WatchGuard Technologies contains an issue with hidden functionality.

Products Affected

  • Firebox T15 firmware versions prior to 12.11.3

Description

Firebox T15 provided by WatchGuard Technologies contains the following vulnerability.

  • Hidden functionality (CWE-912)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2025-4106

Impact

An attacker may log into the product with an administrative privilege to use the WG Shell (CLI) and then use the shell with the root privilege.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Vendor Status

Vendor Link
WatchGuard Technologies WGSA-2025-00010 WatchGuard Firebox Leftover Debug Code Vulnerability

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia