WatchGuard Firebox Firewall Vulnerability

Source: Cyber Security News

A severe vulnerability in WatchGuard Firebox firewalls permits attackers to achieve complete administrative control without any authentication. Identified as CVE-2025-59396, the flaw stems from insecure default settings that expose SSH on port 4118 with hardcoded credentials, which persist in appliances shipping until September 10, 2025. Any attacker with network access can connect with an SSH client and take full control of the device, which can lead to data breaches.

The vulnerability poses significant risks: remote unauthenticated attackers can access sensitive network data, including configurations and user account details, and can modify or disable firewall rules. This misconfiguration jeopardizes the entire security architecture by permitting lateral movement within networks, potentially compromising other systems and critical infrastructure. Organizations using WatchGuard Firebox devices are urged to verify their configurations and change the default SSH credentials. Keeping up with security advisories and firmware patches is also crucial to mitigating the risks stemming from such vulnerabilities.
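One way to verify the exposure described above across your own appliances, as an added example that is not from the original article or from WatchGuard: it checks whether TCP 4118 answers with an SSH identification string and attempts no authentication. The device names and addresses are constructed placeholders, and `vantage` is a hypothetical label for the network segment the check is run from.

```python
"""Audit your own Firebox inventory for SSH reachable on TCP 4118."""
import socket

FIREBOX_SSH_PORT = 4118  # port named in the CVE-2025-59396 summary above


def check_ssh_exposure(host, port=FIREBOX_SSH_PORT, timeout=3.0):
    """Return 'closed', 'open-ssh' or 'open-other' for host:port.

    Only the server's SSH identification string (RFC 4253, section 4.2)
    is read; no login is attempted.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(255)
            except OSError:  # includes a read timeout: port open but silent
                banner = b""
    except OSError:  # refused, filtered, unreachable or connect timeout
        return "closed"
    # A server may send other lines before its identification string.
    is_ssh = any(line.startswith(b"SSH-") for line in banner.splitlines())
    return "open-ssh" if is_ssh else "open-other"


def audit(inventory, vantage):
    """Check each (name, host[, port]) entry; return the reachable ones."""
    findings = []
    for name, host, *rest in inventory:
        port = rest[0] if rest else FIREBOX_SSH_PORT
        state = check_ssh_exposure(host, port)
        if state != "closed":
            findings.append({"device": name, "host": host, "port": port,
                             "state": state, "vantage": vantage})
    return findings


if __name__ == "__main__":
    # Constructed inventory (RFC 5737 documentation addresses);
    # replace with the management addresses of appliances you operate.
    inventory = [("branch-fw-01", "192.0.2.10"), ("hq-fw-01", "192.0.2.20")]
    for f in audit(inventory, vantage="untrusted-segment"):
        print(f"{f['device']} {f['host']}:{f['port']} is {f['state']} "
              f"from {f['vantage']}: restrict access and review credentials")
```

Run it from each segment that should not reach the management interface; an `open-ssh` result from an untrusted segment is the condition the article describes.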
