What is the CVSS score of CVE-2025-12196?

CVE-2025-12196 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Fireware are affected by CVE-2025-12196?

WatchGuard Firewall devices running affected Fireware OS versions contain a critical vulnerability allowing authenticated administrative users to execute arbitrary code through malicious CLI…

How to fix or mitigate CVE-2025-12196?

Within 24 hours: Inventory all WatchGuard Firewall devices and identify those running Fireware OS versions 12.0-12.11.4, 12.5-12.5.13, or 2025.1-2025.1.2. Within 7 days: Implement strict CLI access controls by limiting administrative CLI access to trusted personnel only, enforce multi-factor authentication for all privileged accounts, and enable comprehensive CLI command logging and monitoring. Within 30 days: Contact WatchGuard for patch availability and upgrade timelines; if patches are released, plan and execute updates across all affected devices during approved maintenance windows.

Fireware CVE-2025-12196

EUVD-2025-201304 HIGH

Out-of-bounds Write (CWE-787)

2025-12-04 5d1c2695-1a31-4499-88ae-e847036fd7e3

RCE Buffer Overflow Memory Corruption Fireware

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201304

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

CVE Published

Dec 04, 2025 - 22:15 nvd

HIGH 7.2

DescriptionNVD

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Analysis

Technical ContextAI

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Write (CWE-787).

RemediationAI

Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

CVE-2025-12196 vulnerability details – vuln.today

Back

Fireware CVE-2025-12196

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code