
Unauthenticated attacker able to execute arbitrary code on WatchGuard Firebox devices due to a critical vulnerability.

An unauthenticated, remote attacker can exploit a critical flaw in WatchGuard's Firebox firewalls to run arbitrary code on vulnerable devices without any credentials.

Unauthenticated attacker can run arbitrary code on WatchGuard Firebox devices due to a newly disclosed weakness


A significant security vulnerability, identified as CVE-2025-9242, has been discovered in WatchGuard's Firebox firewalls. This vulnerability, rated as critical with a CVSS score of 9.3 out of 10, poses a serious threat to the confidentiality, integrity, and availability of network traffic.

The flaw lies in the Fireware OS process that handles Internet Key Exchange (IKE), the protocol used to negotiate IPSec VPN tunnels. Specifically, it is an out-of-bounds write in that process, which a remote peer can reach before any authentication has taken place.

The vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on affected devices. This could potentially lead to a complete compromise of the firewall, enabling interception of network traffic, pivoting to internal networks, or disrupting security operations.

The advisory, WGSA-2025-00015, released on September 17, 2025, warns of a specific edge case: a Firebox may remain vulnerable if it was previously configured with one of the vulnerable VPN types, even if those configurations have since been deleted, as long as a branch office VPN to a static gateway peer is still active.

WatchGuard has already released patched versions of Fireware OS to address this vulnerability. The recommended versions are 2025.1.1, 12.11.4, 12.5.13 (for T15 & T35 models), and 12.3.1_Update3 for the FIPS-certified release.

For organizations that cannot immediately apply the updates, a temporary workaround is available. This involves implementing WatchGuard's security best practices for securing branch office VPNs that use IPSec and IKEv2, specifically when configured with static gateway peers.

Administrators are strongly urged to upgrade their devices to the appropriate resolved version as soon as possible.

The affected Fireware OS versions are 11.10.2 through 12.11.3, plus the recent 2025.1 release. The advisory does not list affected configurations or versions beyond those mentioned here.

Firebox firewalls are made by WatchGuard. The vulnerability affects Firebox devices running the listed Fireware OS versions when configured with specific VPN setups: mobile user VPN with IKEv2, or branch office VPN using IKEv2 with a dynamic gateway peer (and, per the edge case above, devices that once had such a configuration and still have a branch office VPN to a static gateway peer active).
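As an added triage helper (not code from the advisory or from WatchGuard), the following encodes the version ranges and VPN configuration conditions stated above so a defender can check a fleet inventory; the `VpnConfig` fields and the treatment of `_UpdateN` suffixes are assumptions, and only builds the advisory names are treated as resolved.

```python
from dataclasses import dataclass

# Version facts as stated in the WGSA-2025-00015 summary above.
AFFECTED_RANGE = ((11, 10, 2), (12, 11, 3))      # inclusive, 11.x/12.x line
AFFECTED_2025 = (2025, 1)                        # the 2025.1 release
FIXED_BUILDS = {"2025.1.1", "12.11.4", "12.5.13", "12.3.1_Update3"}

def parse_version(text: str) -> tuple:
    """Turn '12.3.1_Update3' into (12, 3, 1). The '_UpdateN' suffix is kept
    out of the numeric tuple and matched only against FIXED_BUILDS (assumption)."""
    numeric = text.split("_", 1)[0]
    return tuple(int(part) for part in numeric.split("."))

def version_affected(text: str) -> bool:
    """True if the Fireware OS build falls in the advisory's affected ranges
    and is not one of the named resolved builds (12.5.13 and 12.3.1_Update3
    sit numerically inside the range, so the exact-match check comes first)."""
    if text in FIXED_BUILDS:
        return False
    v = parse_version(text)
    lo, hi = AFFECTED_RANGE
    if lo <= v <= hi:
        return True
    # 2025.1 builds below the resolved 2025.1.1
    return v[:2] == AFFECTED_2025 and v < (2025, 1, 1)

@dataclass
class VpnConfig:                      # hypothetical inventory record
    mobile_user_ikev2: bool = False
    bovpn_ikev2_dynamic_peer: bool = False
    previously_had_vulnerable_vpn: bool = False   # vulnerable type since deleted
    bovpn_static_peer_active: bool = False

def config_exposed(cfg: VpnConfig) -> bool:
    """The advisory's trigger: a vulnerable VPN type is configured now, or was
    configured once and a branch office VPN to a static peer is still active."""
    if cfg.mobile_user_ikev2 or cfg.bovpn_ikev2_dynamic_peer:
        return True
    return cfg.previously_had_vulnerable_vpn and cfg.bovpn_static_peer_active

def needs_patch(version: str, cfg: VpnConfig) -> bool:
    """Device is at risk only when both the build and the config match."""
    return version_affected(version) and config_exposed(cfg)
```

A device that needs no patch by this check may still warrant applying the branch office VPN hardening the advisory recommends as a workaround.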

The critical nature of this flaw is reflected in its high CVSS 4.0 score, which indicates a high impact on confidentiality, integrity, and availability. Applying the official patches is the only way to fully mitigate the risk; the workaround reduces exposure but does not remove the underlying out-of-bounds write.
