CVE-2022-25360: Malicious File Upload
First published: Thu Feb 24 2022(Updated: )
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WatchGuard Fireware | >=12.0.0<12.1.3 | |
| WatchGuard Fireware | >=12.2.0<12.5.9 | |
| WatchGuard Fireware | >=12.7.0<12.7.2 | |
| WatchGuard Fireware | =12.1.3 | |
| WatchGuard Fireware | =12.1.3-u1 | |
| WatchGuard Fireware | =12.1.3-u2 | |
| WatchGuard Fireware | =12.1.3-u3 | |
| WatchGuard Fireware | =12.1.3-u4 | |
| WatchGuard Fireware | =12.1.3-u5 | |
| WatchGuard Fireware | =12.1.3-u6 | |
| WatchGuard Fireware | =12.1.3-u7 | |
| WatchGuard Fireware | =12.5.9 | |
| WatchGuard Fireware | =12.5.9-u1 | |
| WatchGuard Fireware | =12.7.2 | |
| WatchGuard Fireware | =12.7.2-u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-25360.
Which products or software are affected by this vulnerability?
This vulnerability impacts WatchGuard Firebox and XTM appliances with Fireware OS versions before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
What is the severity of CVE-2022-25360?
The severity of CVE-2022-25360 is high, with a severity value of 8.8.
How does CVE-2022-25360 affect the system?
CVE-2022-25360 allows an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations on the affected WatchGuard Firebox and XTM appliances.
How can I fix the vulnerability identified in CVE-2022-25360?
To fix the vulnerability identified in CVE-2022-25360, update Fireware OS to version 12.7.2_U2, 12.1.3_U8, or 12.5.9_U2 depending on the version you are currently using.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/watchguard
- canonical/watchguard fireware
- version/watchguard fireware/12.0.0
- version/watchguard fireware/12.2.0
- version/watchguard fireware/12.7.0
- version/watchguard fireware/12.1.3
- version/watchguard fireware/12.1.3-u1
- version/watchguard fireware/12.1.3-u2
- version/watchguard fireware/12.1.3-u3
- version/watchguard fireware/12.1.3-u4
- version/watchguard fireware/12.1.3-u5
- version/watchguard fireware/12.1.3-u6
- version/watchguard fireware/12.1.3-u7
- version/watchguard fireware/12.5.9
- version/watchguard fireware/12.5.9-u1
- version/watchguard fireware/12.7.2
- version/watchguard fireware/12.7.2-u1