WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls.
Tracked as CVE-2025-14733, this security flaw impacts firewalls running Fireware OS 11.x and later (including 11.12.4_Update1), 12.x or later (including 12.11.5), and 2025.1 up to and including 2025.1.3.
The vulnerability is due to an out-of-bounds write weakness that allows unauthenticated attackers to execute malicious code remotely on unpatched devices, following successful exploitation in low-complexity attacks that don't require user interaction.
While unpatched Firebox firewalls are only vulnerable to attacks if configured to use IKEv2 VPN, WatchGuard noted they might still be compromised, even if the vulnerable configurations have been deleted, if a branch office VPN to a static gateway peer is still configured.
“If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured,” WatchGuard explained in a Thursday advisory.
“WatchGuard has observed threat actors actively attempting to exploit this vulnerability in the wild,” the company warned.
The company also provided a temporary workaround for organizations that can't immediately patch devices with vulnerable Branch Office VPN (BOVPN) configurations, requiring admins to disable dynamic peer BOVPNs, add new firewall policies, and disable the default system policies that handle VPN traffic.
| Product Branch | Vulnerable firewall models |
|---|---|
| Fireware OS 12.5.x | T15, T35 |
| Fireware OS 2025.1.x | T115-W, T125, T125-W, T145, T145-W, T185 |
| Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
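
An added triage example (not WatchGuard's code and not part of the original article) that applies the affected version ranges and the IKEv2 exposure conditions described above to a device inventory. The inventory field names and sample devices are hypothetical, and treating each "including X" version as the top of its affected range is an assumption to confirm against the vendor advisory.

```python
import re

# Last affected release per train, as read from this article. Assumption:
# "including X" marks the top of each affected range; confirm with the advisory.
AFFECTED_MAX = {11: (11, 12, 4, 1), 12: (12, 11, 5, 0), 2025: (2025, 1, 3, 0)}

def parse_version(text):
    """'12.11.5' -> (12, 11, 5, 0); '11.12.4_Update1' -> (11, 12, 4, 1)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:_Update(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_affected(text):
    v = parse_version(text)
    ceiling = AFFECTED_MAX.get(v[0])
    return ceiling is not None and v <= ceiling

def triage(device):
    """Classify one inventory record (field names are hypothetical)."""
    if not version_affected(device["version"]):
        return "version-not-listed"
    if device.get("muvpn_ikev2") or device.get("bovpn_ikev2_dynamic_peer"):
        return "exposed"
    # Residual case from the advisory quote: IKEv2 configs deleted, but a
    # BOVPN to a static gateway peer remains. Unknown history (None) is
    # treated as "possibly configured before" so the device is not skipped.
    if device.get("bovpn_static_peer") and device.get("ikev2_previously_configured") is not False:
        return "exposed-residual"
    return "affected-version-no-ikev2"

# Constructed sample inventory, not real devices.
FLEET = [
    {"name": "hq-m470", "version": "12.11.5", "muvpn_ikev2": True},
    {"name": "branch-t45", "version": "12.10.3", "bovpn_static_peer": True,
     "ikev2_previously_configured": True},
    {"name": "lab-t20", "version": "12.9", "bovpn_static_peer": True},
    {"name": "dc-t185", "version": "2025.1.4", "bovpn_ikev2_dynamic_peer": True},
    {"name": "old-fb", "version": "11.12.4_Update1"},
]

def triage_fleet(fleet):
    return {d["name"]: triage(d) for d in fleet}

if __name__ == "__main__":
    for name, status in triage_fleet(FLEET).items():
        print(f"{name:12} {status}")
```

Devices reported as `exposed` or `exposed-residual` are the ones to patch or place under the temporary workaround first.
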
WatchGuard shared indicators of compromise to help customers check whether their Firebox devices have been compromised, and advised those who find any signs of malicious activity to rotate all locally stored secrets on vulnerable appliances.
In September, WatchGuard patched another (almost identical) remote code execution vulnerability impacting its Firebox firewalls (CVE-2025-9242). One month later, the Internet watchdog Shadowserver found over 75,000 Firebox firewalls vulnerable to CVE-2025-9242 attacks, most of them in North America and Europe.
After three weeks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) tagged the vulnerability as actively exploited in the wild and ordered federal agencies to secure their WatchGuard Firebox firewalls from ongoing attacks.
Two years ago, CISA ordered U.S. government agencies to patch yet another actively exploited WatchGuard flaw (CVE-2022-23176) impacting Firebox and XTM firewall appliances.
WatchGuard partners with more than 17,000 service providers and security resellers to protect the networks of over 250,000 small and mid-sized companies worldwide.




