The resolved variations are 2025.1.4, 12.11.6, 12.5.15 (T15 & T35 fashions), and 12.3.1_Update4 (B728352) for the FIPS-certified launch. There isn’t any repair for 11.x, which is taken into account finish of life.
Importantly, WatchGuard warned, patching might not be sufficient: “If the Firebox was beforehand configured with the cell person VPN with IKEv2 or a department workplace VPN utilizing IKEv2 to a dynamic gateway peer, and each of these configurations have since been deleted, that Firebox should still be susceptible if a department workplace VPN to a static gateway peer continues to be configured.”
And a few admins have much more post-patching duties to carry out, it mentioned, noting, “along with putting in the newest Fireware OS that incorporates the repair, directors which have confirmed menace actor exercise on their Firebox home equipment should take precautions to rotate all regionally saved secrets and techniques on susceptible Firebox home equipment.”
