Critical Remote Code Execution Vulnerability in WatchGuard Firebox Firewalls
Summary
WatchGuard has patched a critical remote code execution vulnerability in Firebox firewalls. The flaw, CVE-2025-9242, is an out-of-bounds write affecting Firebox firewalls running Fireware OS 11.x, 12.x, and 2025.1. It is exploitable if the firewall is configured to use IKEv2 VPN, and exploitation can lead to remote code execution; devices may remain vulnerable even if those configurations have been deleted. WatchGuard has provided patches and a temporary workaround for affected systems. The vulnerability has not yet been exploited in the wild, but administrators are advised to update their devices promptly.
Timeline
- 18.09.2025 11:23 (1 article)
Critical Remote Code Execution Vulnerability in WatchGuard Firebox Firewalls
WatchGuard has released security updates to address a critical remote code execution vulnerability (CVE-2025-9242) in Firebox firewalls. The flaw affects devices running Fireware OS 11.x, 12.x, and 2025.1 and is exploitable through IKEv2 VPN configurations. Patches are available, and a temporary workaround is provided for affected systems. The vulnerability has not yet been exploited in the wild, but administrators are advised to update their devices promptly.
Source: WatchGuard warns of critical vulnerability in Firebox firewalls (www.bleepingcomputer.com, 18.09.2025 11:23)
Information Snippets
- The vulnerability, CVE-2025-9242, is an out-of-bounds write flaw that allows remote code execution. (First reported: 18.09.2025 11:23)
- Affected versions include Fireware OS 11.x (end of life), 12.x, and 2025.1. (First reported: 18.09.2025 11:23)
- The flaw is exploitable if the firewalls are configured to use IKEv2 VPN. (First reported: 18.09.2025 11:23)
- Devices may remain vulnerable even if the IKEv2 VPN configurations have been deleted. (First reported: 18.09.2025 11:23)
- Patches are available in versions 12.3.1_Update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1. (First reported: 18.09.2025 11:23)
- A temporary workaround involves disabling dynamic peer BOVPNs and modifying firewall policies. (First reported: 18.09.2025 11:23)
- The vulnerability has not yet been exploited in the wild. (First reported: 18.09.2025 11:23)

Source for all snippets (1 source, 1 article): WatchGuard warns of critical vulnerability in Firebox firewalls (www.bleepingcomputer.com, 18.09.2025 11:23)
Similar Happenings
Critical deserialization vulnerability in Fortra GoAnywhere MFT
Fortra disclosed a critical deserialization vulnerability in GoAnywhere Managed File Transfer (MFT) software (CVE-2025-10035). This flaw, with a CVSS score of 10.0, allows arbitrary command execution through a forged license response signature. The vulnerability affects systems accessible over the internet and was patched in versions 7.8.4 and 7.6.3. Fortra has not confirmed exploitation in the wild, but similar vulnerabilities in the same product were previously exploited by ransomware actors. Users are advised to update to the patched versions immediately or restrict public access to the GoAnywhere Admin Console. Fortra discovered the vulnerability during a security check on September 11, 2025. The vulnerability was identified in the License Servlet of GoAnywhere MFT. Over 470 GoAnywhere MFT instances are being monitored by the Shadowserver Foundation.