[Japanese]

JVNDB-2025-008783

Firebox T15 contains an issue with hidden functionality

Overview

Firebox T15 provided by WatchGuard Technologies contains the following vulnerability.

* Hidden functionality (CWE-912) - CVE-2025-4106

Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.2 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


WatchGuard Technologies, Inc.
  • Firebox T15 firmware versions prior to 12.11.3

Impact

An attacker may log into the product with an administrative privilege to use the WG Shell (CLI) and then use the shell with the root privilege.
Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
Vendor Information

WatchGuard Technologies, Inc.
CWE (What is CWE?)

  1. Hidden Functionality(CWE-912) [Other]
CVE (What is CVE?)

  1. CVE-2025-4106
References

  1. JVN : JVNVU#91657555
Revision History

  • [2025/07/14]
      Web page was published

Date Public2025/07/11
Date First Published2025/07/14
Date Last Updated2025/07/14