
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks.

Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as an out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code.

“This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer,” the company said in a Thursday advisory.

“If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured.”


The vulnerability affects the following versions of Fireware OS –

  • 2025.1 – Fixed in 2025.1.4
  • 12.x – Fixed in 12.11.6
  • 12.5.x (T15 & T35 models) – Fixed in 12.5.15
  • 12.3.1 (FIPS-certified release) – Fixed in 12.3.1_Update4 (B728352)
  • 11.x (11.10.2 up to and including 11.12.4_Update1) – End-of-Life

WatchGuard acknowledged that it has observed threat actors actively attempting to exploit this vulnerability in the wild, with the attacks originating from the following IP addresses –

Interestingly, the IP address “199.247.7[.]82” was also flagged by Arctic Wolf earlier this week as linked to the exploitation of two recently disclosed security vulnerabilities in Fortinet FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8).


The Seattle-based company has also shared several indicators of compromise (IoCs) that device owners can use to determine whether their own appliances have been compromised –

  • A log message stating “Received peer certificate chain is longer than 8. Reject this certificate chain” when the Firebox receives an IKE2 Auth payload with more than 8 certificates
  • An IKE_AUTH request log message with an abnormally large CERT payload size (greater than 2000 bytes)
  • During a successful exploit, the iked process will hang, interrupting VPN connections
  • After a failed or successful exploit, the IKED process will crash and generate a fault report on the Firebox
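The first two IoCs above are log-based, so they can be checked mechanically against exported Firebox logs. The following Python scanner is an added example written for this article, not code from WatchGuard or from the advisory; the sample log lines and the `CERT payload size=N` field layout are constructed assumptions for illustration, so the regular expression will need adjusting to the real log format before use. It flags the certificate-chain rejection message and any IKE_AUTH request whose CERT payload exceeds the 2000-byte threshold stated in the advisory, and records the peer address where one is present to help triage.

```python
import re

# Constructed sample log lines. The layout (timestamp, "iked:" prefix, "from <ip>",
# "CERT payload size=<n> bytes") is an ASSUMPTION made for this example, not the
# real Fireware OS syslog format. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOGS = [
    "2025-12-18 10:01:02 iked: IKE_AUTH request from 203.0.113.10 CERT payload size=812 bytes",
    "2025-12-18 10:02:15 iked: Received peer certificate chain is longer than 8. Reject this certificate chain",
    "2025-12-18 10:02:16 iked: IKE_AUTH request from 198.51.100.7 CERT payload size=4096 bytes",
    "2025-12-18 10:05:00 iked: IKE_SA established with 203.0.113.10",
]

# Exact message quoted in the advisory for the first IoC.
CHAIN_REJECT_MSG = "Received peer certificate chain is longer than 8. Reject this certificate chain"

# Threshold from the advisory: CERT payloads greater than 2000 bytes are abnormal.
CERT_SIZE_THRESHOLD = 2000

# Assumed field layout; adjust to the real log format.
CERT_SIZE_RE = re.compile(r"IKE_AUTH request.*?CERT payload size=(\d+)")
PEER_RE = re.compile(r"\bfrom (\S+)")


def scan_lines(lines, threshold=CERT_SIZE_THRESHOLD):
    """Return a list of findings, one dict per matching log line.

    Each finding carries the 1-based line number, an indicator name,
    the peer address if the line names one, and the raw line.
    """
    findings = []
    for lineno, line in enumerate(lines, 1):
        peer_match = PEER_RE.search(line)
        peer = peer_match.group(1) if peer_match else None

        # IoC 1: the Firebox rejected a certificate chain longer than 8 entries.
        if CHAIN_REJECT_MSG in line:
            findings.append({
                "line": lineno,
                "indicator": "cert_chain_too_long",
                "peer": peer,
                "raw": line,
            })
            continue

        # IoC 2: an IKE_AUTH request whose CERT payload is larger than the threshold.
        size_match = CERT_SIZE_RE.search(line)
        if size_match and int(size_match.group(1)) > threshold:
            findings.append({
                "line": lineno,
                "indicator": "oversized_cert_payload",
                "peer": peer,
                "size": int(size_match.group(1)),
                "raw": line,
            })
    return findings


def suspicious_peers(findings):
    """Distinct peer addresses seen in any finding, in first-seen order."""
    seen = []
    for f in findings:
        if f["peer"] and f["peer"] not in seen:
            seen.append(f["peer"])
    return seen


if __name__ == "__main__":
    hits = scan_lines(SAMPLE_LOGS)
    for h in hits:
        print(f"line {h['line']}: {h['indicator']} peer={h['peer']}")
    print("peers to review:", suspicious_peers(hits))
```

A fault report or a hung iked process (the third and fourth IoCs) will not show up in this scan; those are observed on the appliance itself, so treat a hit here as a prompt to pull the fault report and patch status rather than as proof of compromise on its own.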

The disclosure comes a little over a month after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added another critical WatchGuard Fireware OS flaw (CVE-2025-9242, CVSS score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation.


It is currently not known whether these two sets of attacks are related. Users are advised to apply the updates as soon as possible to protect against the threat.

As a temporary mitigation for devices with vulnerable Branch Office VPN (BOVPN) configurations, the company has urged administrators to disable dynamic peer BOVPNs, create an alias that contains the static IP addresses of remote BOVPN peers, add new firewall policies that allow access from that alias, and disable the default built-in policies that handle VPN traffic.
