- WatchGuard released patches for a critical vulnerability in Fireware OS exploited in active attacks.
- The flaw, CVE-2025-14733, allows remote code execution via an out-of-bounds write in the iked process.
- The issue affects VPN configurations using IKEv2 with dynamic gateway peers and may persist after configuration changes.
- Patches are available for Fireware OS versions 2025.1, 12.x, 12.5.x, and 12.3.1, while older 11.x versions are no longer supported.
- Users are urged to update immediately and consider temporary mitigations for vulnerable VPN setups.
WatchGuard has issued security updates to fix a critical vulnerability found in its Fireware OS, following reports of active exploitation. The flaw, identified as CVE-2025-14733 with a CVSS score of 9.3, is an out-of-bounds write affecting the iked process. This allows attackers to run arbitrary code remotely without authentication.
The vulnerability impacts mobile user VPNs and branch office VPNs configured with IKEv2 and dynamic gateway peers. According to an advisory, systems previously set up with these VPN configurations may remain vulnerable even after they are deleted, if a branch office VPN to a static gateway peer is still in place.
Affected Fireware OS versions include 2025.1 (fixed in 2025.1.4), 12.x (fixed in 12.11.6), 12.5.x for T15 and T35 models (fixed in 12.5.15), and the FIPS-certified 12.3.1 release (fixed in 12.3.1_Update4). Older 11.x versions are no longer supported and are considered end-of-life.
The company confirmed that threat actors are actively exploiting this vulnerability, with attacks traced to specific IP addresses. The IP “199.247.7[.]82” was also linked to recent exploitation attempts targeting Fortinet products, as noted by Arctic Wolf.
WatchGuard provided indicators of compromise to help detect infection. These include log messages about unusually long certificate chains or large CERT payloads during IKE_AUTH requests, the iked process hanging or crashing, and generation of fault reports.
This security update follows a prior critical Fireware OS flaw (CVE-2025-9242) recently added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog.
As a temporary measure, device administrators with vulnerable Branch Office VPN configurations are advised to disable dynamic peer BOVPNs, create IP address aliases for static VPN peers, adjust firewall policies accordingly, and disable default VPN traffic policies. Detailed mitigation instructions are available from WatchGuard’s knowledge base.
Users should apply the provided updates promptly to protect their systems from potential attacks.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- XRP Falls to $1.84, Risks Steep Drop to $0.50 Amid Bearish Trends
- IcomTech Promoter Gets 71 Months for Crypto Ponzi, $789K Restitution
- Bitcoin May End 4-Year Cycle, Signaling Potential 2026 Downside
- Nigeria Arrests Developers Behind RaccoonO365 Phishing Scheme
- Iran Proposes Shared BRICS Lab Network to Cut Research Costs
