The resolved variations are 2025.1.4, 12.11.6, 12.5.15 (T15 & T35 fashions), and 12.3.1_Update4 (B728352) for the FIPS-certified launch. There isn’t any repair for 11.x, which is taken into account finish of life.
Importantly, WatchGuard warned, patching is probably not sufficient: “If the Firebox was beforehand configured with the cell consumer VPN with IKEv2 or a department workplace VPN utilizing IKEv2 to a dynamic gateway peer, and each of these configurations have since been deleted, that Firebox should be weak if a department workplace VPN to a static gateway peer continues to be configured.”
And a few admins have much more post-patching duties to carry out, it mentioned, noting, “along with putting in the newest Fireware OS that accommodates the repair, directors which have confirmed risk actor exercise on their Firebox home equipment should take precautions to rotate all regionally saved secrets and techniques on weak Firebox home equipment.”
