CVE-2025-59396
WatchGuard Firebox Unauthenticated Remote Command Execution Vulnerability
Description
Rejected reason: Not a security vulnerability
INFO
Published Date :
Nov. 6, 2025, 5:15 p.m.
Last Modified :
Nov. 10, 2025, 11:15 p.m.
Remotely Exploit :
Yes !
Source :
5d1c2695-1a31-4499-88ae-e847036fd7e3
Affected Products
The following products are affected by CVE-2025-59396
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Change default SSH admin password.
- Disable SSH access if not needed.
- Restrict access to authorized personnel.
- Review and update device configurations.
Public PoC/Exploit Available at Github
CVE-2025-59396 has a 1 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
WatchGuard Firebox Default Configuration Allows Unauthorized SSH Access via Port 4118
PowerShell Shell
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-59396 vulnerability anywhere in the article.
-
Daily CyberSecurity
Critical Devolutions Server Flaw (CVE-2025-13757) Allows Authenticated SQL Injection to Steal All Passwords
Devolutions has released urgent security updates for its flagship self-hosted password management solution, Devolutions Server, addressing three distinct vulnerabilities that could expose sensitive cr ... Read more
-
CybersecurityNews
WatchGuard Firebox Firewall Vulnerability Let Attackers Gain Unauthorized SSH Access
A critical vulnerability in WatchGuard Firebox firewalls could allow attackers to gain complete administrative access to the devices without any authentication. The flaw, tracked as CVE-2025-59396, st ... Read more
-
Daily CyberSecurity
Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking
Devolutions, a leading provider of privileged access management (PAM) and remote connection solutions, has released an urgent security advisory addressing two serious vulnerabilities in its Devolution ... Read more
-
Daily CyberSecurity
Critical WatchGuard Firebox Flaw (CVE-2025-59396, CVSS 9.8) Allows Unauthenticated Admin SSH Takeover via Default Credentials
A critical configuration flaw (CVE-2025-59396) has been discovered in WatchGuard Firebox devices, allowing remote attackers to gain unauthorized administrative access via SSH using default credentials ... Read more
-
Daily CyberSecurity
Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server
GE Vernova’s Electrification Software division has released a critical security advisory addressing a high-severity authentication vulnerability (CVE-2025-3222) in its Smallworld Master File Server (S ... Read more
The following table lists the changes that have been made to the
CVE-2025-59396 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Rejected by 5d1c2695-1a31-4499-88ae-e847036fd7e3
Nov. 10, 2025
Action Type Old Value New Value -
CVE Modified by 5d1c2695-1a31-4499-88ae-e847036fd7e3
Nov. 10, 2025
Action Type Old Value New Value Changed Description The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative access via SSH on port 4118 with the readwrite password for the admin account. Rejected reason: Not a security vulnerability Removed CVSS V3.1 CISA-ADP: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Removed CWE CISA-ADP: CWE-1188 Removed Reference MITRE: https://github.com/cyberbyte000/CVE-2025-59396/blob/main/CVE-2025-59396.txt Removed Reference MITRE: https://www.watchguard.com/wgrd-products/firewalls -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 07, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-1188 -
New CVE Received by [email protected]
Nov. 06, 2025
Action Type Old Value New Value Added Description The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative access via SSH on port 4118 with the readwrite password for the admin account. Added Reference https://github.com/cyberbyte000/CVE-2025-59396/blob/main/CVE-2025-59396.txt Added Reference https://www.watchguard.com/wgrd-products/firewalls