Vulnerability Description
A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Fireware | >= 2025.1, < 2025.1.3 |
| Watchguard | Firebox T115-W | - |
| Watchguard | Firebox T125 | - |
| Watchguard | Firebox T125-W | - |
| Watchguard | Firebox T145 | - |
| Watchguard | Firebox T145-W | - |
| Watchguard | Firebox T185 | - |
| Watchguard | Firebox M270 | - |
| Watchguard | Firebox M290 | - |
| Watchguard | Firebox M370 | - |
| Watchguard | Firebox M390 | - |
| Watchguard | Firebox M440 | - |
| Watchguard | Firebox M4600 | - |
| Watchguard | Firebox M470 | - |
| Watchguard | Firebox M4800 | - |
| Watchguard | Firebox M5600 | - |
| Watchguard | Firebox M570 | - |
| Watchguard | Firebox M5800 | - |
| Watchguard | Firebox M590 | - |
| Watchguard | Firebox M670 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-11838?
CVE-2025-11838 is a vulnerability with a CVSS score of 7.5 (HIGH). A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office...
How severe is CVE-2025-11838?
CVE-2025-11838 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11838?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Fireware, Watchguard Firebox T115-W, Watchguard Firebox T125, Watchguard Firebox T125-W, Watchguard Firebox T145.