漏洞关键信息 漏洞标题: WatchGuard Firebox Boot Time System Integrity Check Bypass Advisory ID: WSGA-2025-00026 CVE: CVE-2025-13940 影响: Medium 状态: Resolved 产品家族: Firebox 发布日期: 2025-12-04 更新日期: 2025-12-04 变通方法可用: False CVSS Score: 6.7 CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N 摘要 An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure. 受影响版本 This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2. 解决方案 受影响产品列表 Firebox - Fireware OS 2025.1.x: T115-W, T125, T125-W, T145, T145-W, T185, T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV Firebox - Fireware OS 12.x