WatchGuard 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk xxe and vendor risk open redirect などに関し、一部は vendor impact session compromise を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-6788 | Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 8.5 | 0.01% | 2026-05-06 | 2026-05-11 |
| CVE-2026-6787 | Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 8.5 | 0.01% | 2026-05-06 | 2026-05-11 |
| CVE-2026-41288 | Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 7.3 | 0.01% | 2026-05-06 | 2026-05-11 |
| CVE-2026-41286 | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 7.1 | 0.02% | 2026-05-06 | 2026-05-11 |
| CVE-2026-41287 | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 7.1 | 0.02% | 2026-05-06 | 2026-05-11 |
| CVE-2026-3344 | A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 6.9 | 0.04% | 2026-03-03 | 2026-03-04 |
| CVE-2026-3343 | A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 5.1 | 0.04% | 2026-03-03 | 2026-03-04 |
| CVE-2026-3342 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 8.6 | 0.04% | 2026-03-03 | 2026-03-04 |
| CVE-2025-14733 KEV | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 9.3 | 27.76% | 2025-12-19 | 2025-12-23 |
| CVE-2025-6946 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 4.8 | 0.03% | 2025-12-04 | 2025-12-10 |
| CVE-2025-1547 | A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 7.5 | 0.03% | 2025-12-04 | 2025-12-10 |
| CVE-2025-1545 | An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and in | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 8.2 | 0.07% | 2025-12-04 | 2025-12-10 |
| CVE-2025-13940 | An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure.This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 6.7 | 0.01% | 2025-12-04 | 2025-12-10 |
| CVE-2025-13939 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 4.8 | 0.03% | 2025-12-04 | 2025-12-10 |
| CVE-2025-13938 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 4.8 | 0.03% | 2025-12-04 | 2025-12-10 |
| CVE-2025-13937 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 4.8 | 0.03% | 2025-12-04 | 2025-12-10 |
| CVE-2025-13936 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 4.8 | 0.03% | 2025-12-04 | 2025-12-10 |
| CVE-2025-12196 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 8.6 | 0.16% | 2025-12-04 | 2025-12-10 |
| CVE-2025-12195 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 8.6 | 0.16% | 2025-12-04 | 2025-12-10 |
| CVE-2025-12026 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 8.6 | 0.07% | 2025-12-04 | 2025-12-10 |