Critical WatchGuard Firebox Vulnerabilities Let Attackers Bypass Integrity Checks and Inject Malicious Codes

WatchGuard disclosed and patched ten vulnerabilities in Firebox appliances (disclosed 2025-12-04), including multiple high-severity out-of-bounds write flaws (CVE-2025-12195, CVE-2025-12196, CVE-2025-12026) enabling potential arbitrary code execution, an IKE daemon memory-corruption DoS (CVE-2025-11838), an XPath injection leading to information disclosure (CVE-2025-1545), and several stored XSS issues in third-party integrations; operators should urgently upgrade to Fireware OS 2025.1.3, 12.11.5, or 12.5.14, especially for devices exposing management interfaces or using legacy IPSec/IKE configurations.