Skip to main content

Fireware CVE-2025-13940

| EUVDEUVD-2025-201299 MEDIUM
Expected Behavior Violation (CWE-440)
2025-12-04 5d1c2695-1a31-4499-88ae-e847036fd7e3
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 16:35 euvd
EUVD-2025-201299
Analysis Generated
Mar 15, 2026 - 16:35 vuln.today
CVE Published
Dec 04, 2025 - 22:15 nvd
MEDIUM 5.5

DescriptionCVE.org

An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure.This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2.

Analysis

An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure.This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2.

Technical ContextAI

This vulnerability is classified as Expected Behavior Violation (CWE-440).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2025-9242 CRITICAL POC
9.3 Sep 17

WatchGuard Fireware OS contains an out-of-bounds write in IKEv2 VPN handling enabling unauthenticated remote code execut

CVE-2025-1545 HIGH
7.5 Dec 04

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensi

CVE-2025-11838 HIGH
7.5 Dec 04

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of

CVE-2025-12196 HIGH
7.2 Dec 04

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to exe

CVE-2025-12195 HIGH
7.2 Dec 04

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to exe

CVE-2026-3342 HIGH
7.2 Mar 03

WatchGuard Fireware OS contains an out-of-bounds write vulnerability in its management interface that permits authentica

CVE-2025-12026 HIGH
7.2 Dec 04

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticate

CVE-2025-1547 HIGH
7.2 Dec 04

A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allo

CVE-2026-3343 MEDIUM
6.1 Mar 03

Fireware OS Web UI contains a reflected XSS vulnerability that allows attackers to execute arbitrary JavaScript in authe

CVE-2025-13939 MEDIUM
6.1 Dec 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard

CVE-2025-13938 MEDIUM
6.1 Dec 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard

CVE-2025-13937 MEDIUM
6.1 Dec 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard

Share

CVE-2025-13940 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy