CISA adds WatchGuard Fireware CVE-2025-9242 to KEV catalog

Public Sector Action
Happening score: 41
1 unique source, 1 article

Summary

CISA added CVE-2025-9242 in WatchGuard Fireware to the KEV catalog, signaling active exploitation and forcing remediation prioritization. The flaw is an out-of-bounds write in the Fireware OS iked process that can let a remote unauthenticated attacker run arbitrary code. Federal civilian agencies were told to patch by December 3, 2025, while scans show 54,300+ Firebox instances still exposed.

Related Happenings

Federal civilian executive branch agency hit by network compromise

Incident
First: 24.04.2026 23:34 Last: 24.04.2026 23:34 Sources 1

About this happening: A **federal civilian executive branch agency** was compromised in an **early September 2025** intrusion that left attackers with persistent access on **Cisco Firepower** and **Sec...

Cisco ASA/FTD code execution and authentication bypass flaws (multiple vulnerabilities)

Vulnerability
First: 24.04.2026 20:06 Last: 24.04.2026 20:06 Sources 1

About this happening: **Cisco ASA/FTD** vulnerabilities **CVE-2025-20333** and **CVE-2025-20362** are still under **active exploitation** and can be chained for **unauthenticated remote control** of af...

FIRESTARTER malware on Cisco ASA and FTD devices

Malware Activity
First: 23.04.2026 15:00 Last: 23.04.2026 15:00 Sources 1

About this happening: CISA has published analysis of **FIRESTARTER**, a malware strain that enables **remote access and control** on **Cisco Firepower** and **Secure Firewall** devices, raising the ris...

Latest development: 24.04.2026 23:34

CISA, NCSC-UK, and Cisco detailed Firestarter persistence on Cisco Firepower and Secure Firewall devices running ASA or FTD software, attributing the backdoor to UAT-4356 and linking the activity to ArcaneDoor. The malware modifies CSP_MOUNT_LIST, stores a copy in /opt/cisco/platform/logs/var/log/svc_samcore.log, restores itself to /usr/bin/lina_cs, and relaunches after termination or reboot; Cisco recommends reimaging and upgrading to fixed releases, or using a cold restart only if reimaging is not possible.

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First: 08.04.2026 21:15 Last: 08.04.2026 21:15 Sources 1

About this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...

F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)

Vulnerability
First: 30.03.2026 10:07 Last: 30.03.2026 10:07 Sources 1

About this happening: **CVE-2025-53521** is being **actively exploited** against **F5 BIG-IP APM** deployments, creating **unauthenticated remote code execution** risk for exposed systems. The flaw aff...

Timeline

  1. 13.11.2025 09:23 · 1 article

    watchTowr Labs details WatchGuard Firebox flaw

    Technical Analysis Update

    watchTowr Labs described a missing length check on an identification buffer used during the IKE handshake in WatchGuard Firebox, and McCaulay Hudson said the vulnerable code runs before certificate validation, leaving a pre-authentication path that can reach arbitrary code execution.

  2. 13.11.2025 09:23 · 2 articles

    CISA adds CVE-2025-9242 to KEV catalog

    Legal Policy Action Update

    CISA added CVE-2025-9242, a CVSS 9.3 out-of-bounds write in WatchGuard Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1, to the KEV catalog after evidence of active exploitation; Federal Civilian Executive Branch agencies were told to apply WatchGuard's patches by December 3, 2025, while Shadowserver counted more than 54,300 vulnerable Firebox instances on November 12, 2025.