WatchGuard has launched fixes to handle a important safety flaw in Fireware OS that it stated has been exploited in real-world assaults.
Tracked as CVE-2025-14733 (CVSS rating: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked course of that would permit a distant unauthenticated attacker to execute arbitrary code.
“This vulnerability impacts each the cellular person VPN with IKEv2 and the department workplace VPN utilizing IKEv2 when configured with a dynamic gateway peer,” the corporate stated in a Thursday advisory.
“If the Firebox was beforehand configured with the cellular person VPN with IKEv2 or a department workplace VPN utilizing IKEv2 to a dynamic gateway peer, and each of these configurations have since been deleted, that Firebox should still be weak if a department workplace VPN to a static gateway peer remains to be configured.”
The vulnerability impacts the next variations of Fireware OS –
- 2025.1 – Fastened in 2025.1.4
- 12.x – Fastened in 12.11.6
- 12.5.x (T15 & T35 fashions) – Fastened in 12.5.15
- 12.3.1 (FIPS-certified launch) – Fastened in 12.3.1_Update4 (B728352)
- 11.x (11.10.2 as much as and together with 11.12.4_Update1) – Finish-of-Life
WatchGuard acknowledged that it has noticed risk actors actively trying to use this vulnerability within the wild, with the assaults originating from the next IP addresses –
Curiously, the IP deal with “199.247.7[.]82” was additionally flagged by Arctic Wolf earlier this week as linked to the exploitation of two just lately disclosed safety vulnerabilities in Fortinet FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8).
The Seattle-based firm has additionally shared a number of indicators of compromise (IoCs) that machine house owners can use to find out if their very own cases have been contaminated –
- A log message stating “Acquired peer certificates chain is longer than 8. Reject this certificates chain” when the Firebox receives an IKE2 Auth payload with greater than 8 certificates
- An IKE_AUTH request log message with an abnormally giant CERT payload dimension (larger than 2000 bytes)
- Throughout a profitable exploit, the iked course of will grasp, interrupting VPN connections
- After a failed or profitable exploit, the IKED course of will crash and generate a fault report on the Firebox
The disclosure comes a little bit over a month after the U.S. Cybersecurity and Infrastructure Safety Company (CISA) added one other important WatchGuard Fireware OS flaw (CVE-2025-9242, CVSS rating: 9.3) to its Identified Exploited Vulnerabilities (KEV) catalog after stories of energetic exploitation.
It is at the moment not recognized if these two units of assaults are associated. Customers are suggested to use the updates as quickly as potential to safe in opposition to the risk.
As short-term mitigation for gadgets with weak Department Workplace VPN (BOVPN) configurations, the corporate has urged directors to disable dynamic peer BOVPNs, create an alias that features the static IP addresses of distant BOVPN friends, add new firewall insurance policies that permit entry from the alias, and disable the default built-in insurance policies that deal with VPN visitors.
