Key points
- WatchGuard has issued an urgent patch alert for its Firebox firewall appliances because of a critical-rated vulnerability, CVE-2025-14733, that threat actors are actively exploiting.
- The flaw is an out-of-bounds write in the iked process, which handles the IKEv2 key exchange for IPSec VPNs. A remote, unauthenticated attacker can use it to execute arbitrary code on the appliance, i.e. full remote code execution (RCE) without credentials.
- Admins should first check Firebox appliances for signs of current or past compromise, then install the fixed release. Patching alone may not be enough: appliances that were previously configured with certain VPN settings need extra attention, and any appliance with confirmed attacker activity needs its locally stored secrets rotated.
WatchGuard has issued an urgent patch alert for its Firebox firewall appliances after discovering a critical-rated vulnerability, CVE-2025-14733, that is being actively exploited by threat actors. The flaw carries a CVSS score of 9.3, which places it in the critical band. It is an out-of-bounds write in the iked process, the Fireware OS component responsible for the IKEv2 key exchange in IPSec VPNs.
According to WatchGuard’s advisory, the bug lets a remote, unauthenticated attacker execute arbitrary code on the appliance, giving them remote code execution (RCE) without ever logging in. Because attacks were observed before WatchGuard shipped a fix on December 18, CVE-2025-14733 is a genuine zero-day.
The first step for admins is to check Firebox appliances for signs of current or recent compromise. WatchGuard’s advisory lists four IP addresses associated with the exploitation. Outbound traffic from the Firebox to any of them is a strong indicator that the appliance has been compromised; inbound connections from them point to reconnaissance or exploit attempts, and an appliance that received such traffic while unpatched should be reviewed rather than assumed clean.
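The following is an added example, not code from WatchGuard or from the original article, showing how the check described above can be run over exported traffic logs. The indicator addresses are placeholders from the RFC 5737 documentation ranges and must be replaced with the four addresses in WatchGuard’s advisory; the Firebox external address, the hostnames and the log lines are constructed, and the simplified log layout is an assumption of this example, not the exact Fireware log format. It separates the two signals the text describes: inbound traffic from an indicator (reconnaissance or exploit attempt, with hits on the IKE ports UDP 500/4500 called out because the flaw is in iked) and outbound traffic to an indicator, which is rated highest when the appliance itself is the source.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Set

# PLACEHOLDER indicators (RFC 5737 documentation addresses). Replace with the
# four IP addresses listed in WatchGuard's advisory before real use.
IOC_IPS: Set[str] = {"203.0.113.17", "192.0.2.44"}

# Constructed external address of the Firebox whose logs are being checked.
FIREBOX_IP = "198.51.100.5"

# IKE uses UDP 500, and UDP 4500 when NAT traversal is in play.
IKE_PORTS = {500, 4500}

# Simplified, constructed traffic-log layout used by this example only.
# Adapt the pattern to the export format of your Firebox or log collector.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) traffic (?P<action>Allow|Deny) (?P<dir>in|out) "
    r"(?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    kind: str
    line: str


def scan(lines: Iterable[str], iocs: Set[str] = IOC_IPS,
         firebox_ip: str = FIREBOX_IP) -> List[Finding]:
    """Flag log lines whose source or destination is a listed indicator."""
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a traffic record in the expected layout
        f = m.groupdict()
        dport = int(f["dport"])
        if f["dir"] == "in" and f["src"] in iocs:
            # Inbound from listed infrastructure: recon or exploit attempt.
            # IKE-port hits are the ones that matter for an iked flaw.
            ike_hit = f["proto"] == "udp" and dport in IKE_PORTS
            kind = "inbound_ike_from_ioc" if ike_hit else "inbound_from_ioc"
            findings.append(Finding("medium", kind, line))
        elif f["dir"] == "out" and f["dst"] in iocs:
            # Outbound to listed infrastructure. From the appliance itself this
            # is the strongest compromise signal; from an internal host it still
            # needs investigation.
            if f["src"] == firebox_ip:
                findings.append(Finding("high", "firebox_outbound_to_ioc", line))
            else:
                findings.append(Finding("medium", "internal_host_outbound_to_ioc", line))
    return findings


# Constructed sample log for demonstration; not real traffic.
SAMPLE_LOG = [
    "2025-12-19T03:14:07Z fw1 traffic Allow in udp 203.0.113.17:61000 -> 198.51.100.5:500",
    "2025-12-19T03:14:09Z fw1 traffic Allow in udp 203.0.113.17:61000 -> 198.51.100.5:4500",
    "2025-12-19T03:14:40Z fw1 traffic Deny in tcp 192.0.2.44:40022 -> 198.51.100.5:22",
    "2025-12-19T03:15:22Z fw1 traffic Allow out tcp 198.51.100.5:49152 -> 192.0.2.44:443",
    "2025-12-19T03:16:00Z fw1 traffic Allow out tcp 10.0.0.23:51000 -> 203.0.113.250:443",
    "2025-12-19T03:16:31Z fw1 traffic Allow out tcp 10.0.0.23:51002 -> 203.0.113.17:8443",
]

if __name__ == "__main__":
    for fnd in scan(SAMPLE_LOG):
        print(f"[{fnd.severity.upper():6}] {fnd.kind:30} {fnd.line}")
```

Run it against a real export by replacing SAMPLE_LOG with the file contents and IOC_IPS with the advisory’s addresses; a single high finding, the Firebox itself reaching out to an indicator, is the case where the secret-rotation steps later in the article apply.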
Affected Fireware OS versions are 2025.1 up to and including 2025.1.3, 12.0 up to and including 12.11.5, and the legacy 11.10.2 up to and including 11.12.4_Update1. The fixed releases are 2025.1.4, 12.11.6, 12.5.15 (for the Firebox T15 and T35 models) and 12.3.1_Update4 for the FIPS-certified release. There is no fix for 11.x, which is end of life, so appliances on that branch need to be upgraded or replaced rather than patched.
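Version strings such as 12.3.1_Update4 do not sort correctly as plain text, so a quick way to triage a fleet is to parse them into comparable tuples and test them against the ranges above. The script below is an added example, not WatchGuard’s tooling or code from the original article. The inventory is constructed, and it makes one assumption the advisory does not spell out: any build at or above its maintenance branch’s fixed release (12.11.6 for 12.11, 12.5.15 for 12.5, 12.3.1_Update4 for 12.3, 2025.1.4 for 2025.1) is treated as fixed. Versions outside every listed range come back as UNLISTED so that they are checked by hand instead of being assumed safe.

```python
import re
from typing import Dict, Tuple

# (major, minor, patch, update) -- e.g. "12.3.1_Update4" -> (12, 3, 1, 4)
Version = Tuple[int, int, int, int]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:_Update(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse a Fireware OS version string into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware OS version: {text!r}")
    major, minor, patch, update = m.groups()
    return (int(major), int(minor), int(patch or 0), int(update or 0))


# Affected ranges as the advisory states them (both ends inclusive).
AFFECTED_RANGES: Dict[str, Tuple[Version, Version]] = {
    "2025.1": (parse_version("2025.1"), parse_version("2025.1.3")),
    "12.x": (parse_version("12.0"), parse_version("12.11.5")),
    "11.x": (parse_version("11.10.2"), parse_version("11.12.4_Update1")),
}

# Resolved releases keyed by (major, minor) maintenance branch. Assumption of
# this example: a build at or above its branch's fixed release counts as fixed.
# 11.x has no entry because the branch is end of life and receives no fix.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (2025, 1): parse_version("2025.1.4"),
    (12, 11): parse_version("12.11.6"),
    (12, 5): parse_version("12.5.15"),          # Firebox T15 / T35 models
    (12, 3): parse_version("12.3.1_Update4"),   # FIPS-certified release
}


def _in_range(v: Version, bounds: Tuple[Version, Version]) -> bool:
    lo, hi = bounds
    return lo <= v <= hi


def triage(text: str) -> str:
    """Return FIXED, AFFECTED, AFFECTED_EOL or UNLISTED for one version string."""
    v = parse_version(text)
    fixed = FIXED_BY_BRANCH.get((v[0], v[1]))
    if fixed is not None and v >= fixed:
        return "FIXED"
    if _in_range(v, AFFECTED_RANGES["11.x"]):
        return "AFFECTED_EOL"      # vulnerable, and no patch will ever ship
    if _in_range(v, AFFECTED_RANGES["2025.1"]) or _in_range(v, AFFECTED_RANGES["12.x"]):
        return "AFFECTED"
    return "UNLISTED"              # outside every listed range: verify manually


# Constructed inventory: hostname -> Fireware OS version reported by the device.
INVENTORY: Dict[str, str] = {
    "fw-hq-01": "12.11.5",
    "fw-hq-02": "12.11.6",
    "fw-branch-t35": "12.5.14",
    "fw-fips": "12.3.1_Update4",
    "fw-lab": "2025.1.3",
    "fw-legacy": "11.12.4_Update1",
}


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:15} {INVENTORY[host]:18} {status}")
```

Feed it the version column from your asset inventory; AFFECTED hosts get the fixed release for their branch, AFFECTED_EOL hosts need a hardware or OS migration, and anything UNLISTED is compared against the advisory text by hand.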
WatchGuard has also warned that patching may not be enough on its own, particularly for appliances that were previously configured with certain VPN settings. Patching closes the entry point, but it neither removes an attacker who is already on the device nor invalidates anything already taken from it. Admins who confirm threat-actor activity on a Firebox must therefore rotate every locally stored secret on that appliance, such as local account passwords, VPN pre-shared keys, and any certificates and private keys it holds.
This is not the first time WatchGuard has patched a flaw of this kind in Firebox. In September the company fixed CVE-2025-9242, another vulnerability in the iked process that was also rated CVSS 9.3. The evidence suggests that some WatchGuard customers do not patch as quickly as they should, which exposes the networks behind their firewalls, Windows Server and Azure-connected infrastructure included. Slow or reluctant patching would also explain why Russian-aligned ‘Sandworm’ hackers were recently found targeting WatchGuard Firebox and XTM appliances through CVEs that are several years old. Admins should therefore prioritize this patch and act immediately to secure their Firebox appliances.
