
New critical WatchGuard Firebox firewall flaw exploited in attacks

WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls.

Tracked as CVE-2025-14733, this security flaw affects firewalls running Fireware OS 11.x and later (including 11.12.4_Update1), 12.x or later (including 12.11.5), and 2025.1 up to and including 2025.1.3.

The vulnerability is due to an out-of-bounds write weakness that allows unauthenticated attackers to execute malicious code remotely on unpatched devices, following successful exploitation in low-complexity attacks that do not require user interaction.

While unpatched Firebox firewalls are only vulnerable to attacks if configured to use IKEv2 VPN, WatchGuard noted they might still be compromised, even if the vulnerable configurations have been deleted, if a branch office VPN to a static gateway peer is still configured.

“If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured,” WatchGuard explained in a Thursday advisory.

“WatchGuard has observed threat actors actively attempting to exploit this vulnerability in the wild,” the company warned.

The company also provided a temporary workaround for organizations that can't immediately patch devices with vulnerable Branch Office VPN (BOVPN) configurations, requiring admins to disable dynamic peer BOVPNs, add new firewall policies, and disable the default system policies that handle VPN traffic.
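The exposure conditions quoted above, including the case where deleted IKEv2 configurations still leave a device at risk, can be run over a device inventory. This is an added example, not WatchGuard's code: the record fields, status labels and device names are hypothetical, the `patched` flag must be set by the caller from the vendor advisory, and treating unknown configuration history as possibly exposed is a conservative assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Bovpn:               # one Branch Office VPN gateway (hypothetical record)
    ike_version: int       # 1 or 2
    peer: str              # "dynamic" or "static"

@dataclass
class Firebox:             # hypothetical inventory row, filled in by the caller
    name: str
    patched: bool                            # from the vendor advisory, not computed here
    mobile_vpn_ikev2: bool = False           # mobile user VPN with IKEv2 currently configured
    bovpns: list = field(default_factory=list)
    had_ikev2_before: Optional[bool] = None  # deleted IKEv2 mobile/dynamic-peer config; None = unknown

def triage(fb: Firebox) -> tuple:
    """Return (status, reason) using only the conditions quoted from the advisory."""
    if fb.patched:
        return ("patched", "fixed Fireware OS installed")
    if fb.mobile_vpn_ikev2:
        return ("exposed", "mobile user VPN with IKEv2 is configured")
    if any(b.ike_version == 2 and b.peer == "dynamic" for b in fb.bovpns):
        return ("exposed", "BOVPN using IKEv2 to a dynamic gateway peer")
    if any(b.peer == "static" for b in fb.bovpns):
        # Residual case: IKEv2 configs were deleted but a static-peer BOVPN remains.
        if fb.had_ikev2_before is True:
            return ("possibly-exposed", "deleted IKEv2 config, static-peer BOVPN remains")
        if fb.had_ikev2_before is None:  # assumption: unknown history is treated as risky
            return ("possibly-exposed", "static-peer BOVPN and unknown config history")
    return ("no-match", "none of the quoted conditions apply")

# Constructed sample inventory; device names are made up.
INVENTORY = [
    Firebox("hq-fw", patched=False, mobile_vpn_ikev2=True),
    Firebox("branch-1", patched=False, bovpns=[Bovpn(2, "dynamic")]),
    Firebox("branch-2", patched=False, bovpns=[Bovpn(1, "static")], had_ikev2_before=True),
    Firebox("branch-3", patched=False, bovpns=[Bovpn(2, "static")]),
    Firebox("lab-fw", patched=False, bovpns=[Bovpn(1, "static")], had_ikev2_before=False),
    Firebox("dc-fw", patched=True, mobile_vpn_ikev2=True),
]

def report(inventory=INVENTORY) -> dict:
    """Map each device name to its triage status."""
    return {fb.name: triage(fb)[0] for fb in inventory}

if __name__ == "__main__":
    for fb in INVENTORY:
        print(fb.name, *triage(fb))
```

Devices that come back as possibly-exposed are the ones a check of the current configuration alone would miss.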





Product branch | Vulnerable firewall models
Fireware OS 12.5.x | T15, T35
Fireware OS 2025.1.x | T115-W, T125, T125-W, T145, T145-W, T185
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV

WatchGuard shared indicators of compromise to help customers check whether their Firebox devices have been compromised, and advised those who find any signs of malicious activity to rotate all locally stored secrets on vulnerable appliances.

In September, WatchGuard patched another (almost identical) remote code execution vulnerability impacting its Firebox firewalls (CVE-2025-9242). One month later, the Internet watchdog Shadowserver found over 75,000 Firebox firewalls vulnerable to CVE-2025-9242 attacks, most of them in North America and Europe.

Three weeks later, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) tagged the vulnerability as actively exploited in the wild and ordered federal agencies to secure their WatchGuard Firebox firewalls from ongoing attacks.

Two years ago, CISA ordered U.S. government agencies to patch yet another actively exploited WatchGuard flaw (CVE-2022-23176) impacting Firebox and XTM firewall appliances.

WatchGuard partners with more than 17,000 service providers and security resellers to protect the networks of over 250,000 small and mid-sized companies worldwide.
