Published On: Sep 29, 2025 15:02
Advisory No: TZCERT-SA-25-0110
Source: WatchGuard
Software Affected: Firebox OS
Firebox OS is affected by a critical vulnerability. An attacker can leverage the vulnerability to execute code remotely on the affected device.
Firebox OS is affected by a critical vulnerability tracked as CVE-2025-26399, with a CVSS base score of 9.8. It is an out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code. This class of flaw occurs when a program attempts to write data beyond the allocated memory buffer, potentially overwriting adjacent memory regions and causing unpredictable behavior.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
WatchGuard has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.