SecuriTricks - CVE-2025-13940

Description

An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure.This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2.

Product(s) Impacted

Vendor	Product	Versions
Watchguard	Fireware Firebox T115-w Firebox T125 Firebox T125-w Firebox T145 Firebox T145-w Firebox T185 Firebox M270 Firebox M290 Firebox M370 Firebox M390 Firebox M440 Firebox M4600 Firebox M470 Firebox M4800 Firebox M5600 Firebox M570 Firebox M5800 Firebox M590 Firebox M670 Firebox M690 Firebox Nv5 Firebox T20 Firebox T25 Firebox T40 Firebox T45 Firebox T55 Firebox T70 Firebox T80 Firebox T85 Fireboxcloud Fireboxv	* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-440

Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	watchguard	fireware	/	/	/	/	/	/	/	/
h	watchguard	firebox_t115-w	-	/	/	/	/	/	/	/
h	watchguard	firebox_t125	-	/	/	/	/	/	/	/
h	watchguard	firebox_t125-w	-	/	/	/	/	/	/	/
h	watchguard	firebox_t145	-	/	/	/	/	/	/	/
h	watchguard	firebox_t145-w	-	/	/	/	/	/	/	/
h	watchguard	firebox_t185	-	/	/	/	/	/	/	/
o	watchguard	fireware	/	/	/	/	/	/	/	/
h	watchguard	firebox_m270	-	/	/	/	/	/	/	/
h	watchguard	firebox_m290	-	/	/	/	/	/	/	/
h	watchguard	firebox_m370	-	/	/	/	/	/	/	/
h	watchguard	firebox_m390	-	/	/	/	/	/	/	/
h	watchguard	firebox_m440	-	/	/	/	/	/	/	/
h	watchguard	firebox_m4600	-	/	/	/	/	/	/	/
h	watchguard	firebox_m470	-	/	/	/	/	/	/	/
h	watchguard	firebox_m4800	-	/	/	/	/	/	/	/
h	watchguard	firebox_m5600	-	/	/	/	/	/	/	/
h	watchguard	firebox_m570	-	/	/	/	/	/	/	/
h	watchguard	firebox_m5800	-	/	/	/	/	/	/	/
h	watchguard	firebox_m590	-	/	/	/	/	/	/	/
h	watchguard	firebox_m670	-	/	/	/	/	/	/	/
h	watchguard	firebox_m690	-	/	/	/	/	/	/	/
h	watchguard	firebox_nv5	-	/	/	/	/	/	/	/
h	watchguard	firebox_t20	-	/	/	/	/	/	/	/
h	watchguard	firebox_t25	-	/	/	/	/	/	/	/
h	watchguard	firebox_t40	-	/	/	/	/	/	/	/
h	watchguard	firebox_t45	-	/	/	/	/	/	/	/
h	watchguard	firebox_t55	-	/	/	/	/	/	/	/
h	watchguard	firebox_t70	-	/	/	/	/	/	/	/
h	watchguard	firebox_t80	-	/	/	/	/	/	/	/
h	watchguard	firebox_t85	-	/	/	/	/	/	/	/
h	watchguard	fireboxcloud	-	/	/	/	/	/	/	/
h	watchguard	fireboxv	-	/	/	/	/	/	/	/

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00026

CVSS Score

6.7 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: HIGH
User Interaction: NONE
Scope:
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Dec. 4, 2025, 10:15 p.m.
Last Modified: Dec. 10, 2025, 4:04 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

5d1c2695-1a31-4499-88ae-e847036fd7e3

CVE-2025-13940