WatchGuard Fireware OS security patch release for CVE-2025-9242
Security Patch Release
Summary
Hide ▲
Show ▼
WatchGuard released fixes for Fireware OS after a critical out-of-bounds write flaw, CVE-2025-9242, was disclosed as allowing unauthenticated remote code execution. The patch covers 2025.1, 12.x, 12.3.1 FIPS, and 12.5.x, while 11.x is end-of-life. Remediation is available in 2025.1.1, 12.11.4, 12.3.1_Update3, and 12.5.13.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch Release
First: 30.04.2026 16:54
Last: 30.04.2026 16:54
Sources 1
About this happening:
**Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch ReleaseAbout this happening: **Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
PackageKit 1.3.5 security update (CVE-2026-41651)
Security Patch Release
First: 24.04.2026 20:28
Last: 24.04.2026 20:28
Sources 1
About this happening:
**PackageKit version 1.3.5** was released to fix **CVE-2026-41651**, closing a **local privilege-escalation** path that could let Linux users gain **root permissions**. The update...
PackageKit 1.3.5 security update (CVE-2026-41651)
Security Patch ReleaseAbout this happening: **PackageKit version 1.3.5** was released to fix **CVE-2026-41651**, closing a **local privilege-escalation** path that could let Linux users gain **root permissions**. The update...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch Release
First: 15.04.2026 00:22
Last: 15.04.2026 00:22
Sources 1
About this happening:
**Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch ReleaseAbout this happening: **Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
TP-Link security patch release for CVE-2025-15517
Security Patch Release
First: 25.03.2026 13:11
Last: 25.03.2026 13:11
Sources 1
About this happening:
**TP-Link** released **security updates** for its **Archer NX** router series to close a critical authentication-bypass flaw that could let attackers upload firmware without loggi...
TP-Link security patch release for CVE-2025-15517
Security Patch ReleaseAbout this happening: **TP-Link** released **security updates** for its **Archer NX** router series to close a critical authentication-bypass flaw that could let attackers upload firmware without loggi...
Timeline
-
17.10.2025 12:25 5 articles · 7mo ago
WatchGuard patches Fireware OS CVE-2025-9242
Initial DisclosureWatchGuard Fireware OS was disclosed as recently patched for CVE-2025-9242, an out-of-bounds write in the iked process that could let a remote unauthenticated attacker execute arbitrary code through the IKEv2 VPN path. The affected branches are Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1, with fixes in 2025.1.1, 12.11.4, 12.3.1_Update3, and 12.5.13, while 11.x has reached end-of-life.
Show sources
- Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices — thehackernews.com — 17.10.2025 12:25
- Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices — thehackernews.com — 17.10.2025 12:25
- Over 75,000 WatchGuard security devices vulnerable to critical RCE — www.bleepingcomputer.com — 20.10.2025 20:42
- Critical WatchGuard Fireware OS Flaw Enables Remote Code Execution — www.infosecurity-magazine.com — 21.10.2025 13:42
- CISA warns of WatchGuard firewall flaw exploited in attacks — www.bleepingcomputer.com — 13.11.2025 12:03