Active Exploitation of Critical WatchGuard Fireware OS VPN Vulnerability (CVE-2025-14733)
Summary
WatchGuard has released patches for a critical out-of-bounds write vulnerability (CVE-2025-14733, CVSS 9.3) in Fireware OS, which is being actively exploited in the wild. The flaw affects the iked process and could allow remote unauthenticated attackers to execute arbitrary code. The vulnerability impacts several Fireware OS release lines, including 2025.1, 12.x, 12.5.x, and 12.3.1; versions 11.x are end-of-life. WatchGuard has observed active exploitation attempts from several IP addresses, one of which is also linked to the exploitation of recent Fortinet vulnerabilities. The company has provided indicators of compromise (IoCs) and temporary mitigation steps for affected devices.
Timeline
- 19.12.2025 13:23 · 1 article
WatchGuard Releases Patches for Actively Exploited Fireware OS VPN Vulnerability
WatchGuard has released patches for a critical out-of-bounds write vulnerability (CVE-2025-14733) in Fireware OS, which is being actively exploited. The flaw affects the iked process and allows remote unauthenticated attackers to execute arbitrary code. The company has provided IoCs and temporary mitigation steps for affected devices.
Sources:
- WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability — thehackernews.com — 19.12.2025 13:23
Information Snippets
- CVE-2025-14733 is an out-of-bounds write vulnerability affecting the iked process in WatchGuard Fireware OS.
First reported: 19.12.2025 13:23 (1 source, 1 article)
- The vulnerability has a CVSS score of 9.3 and allows remote unauthenticated attackers to execute arbitrary code.
- Affected versions include Fireware OS 2025.1 (fixed in 2025.1.4), 12.x (fixed in 12.11.6), 12.5.x (fixed in 12.5.15), and 12.3.1 (fixed in 12.3.1_Update4).
- Versions 11.x (11.10.2 up to and including 11.12.4_Update1) are end-of-life and no longer supported.
- Active exploitation attempts have been observed from IP addresses 45.95.19[.]50, 51.15.17[.]89, 172.93.107[.]67, and 199.247.7[.]82.
- The IP address 199.247.7[.]82 is also linked to the exploitation of Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719.
- Indicators of compromise include abnormal IKE2 Auth payloads, large CERT payload sizes, and crashes in the IKED process.
- Temporary mitigation steps include disabling dynamic peer BOVPNs and creating firewall policies for static IP addresses.
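
A triage helper for the affected-version and end-of-life snippets above, added here as an example and not taken from WatchGuard or the source article. The function names, the status strings, and the treatment of 12.5.x and 12.3.1 as branches separate from 12.x are assumptions.

```python
import re

# Fixed release per branch, from the affected-versions snippet above.
# Versions are tuples: (major, minor, patch, update).
FIXED = {
    "2025.1": (2025, 1, 4, 0),
    "12.5.x": (12, 5, 15, 0),
    "12.3.1": (12, 3, 1, 4),
    "12.x": (12, 11, 6, 0),
}
# End-of-life range named on the page: 11.10.2 through 11.12.4_Update1.
EOL_RANGE = ((11, 10, 2, 0), (11, 12, 4, 1))

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:_Update(\d+))?$")

def parse(version):
    """Turn '12.3.1_Update4' into (12, 3, 1, 4); missing parts become 0."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Fireware version: {version!r}")
    return tuple(int(part or 0) for part in m.groups())

def branch(v):
    """Pick the release branch. Assumption: 12.5.x and 12.3.1 are separate
    lines that are compared only against their own fixed release."""
    if v[:2] == (2025, 1):
        return "2025.1"
    if v[:2] == (12, 5):
        return "12.5.x"
    if v[:3] == (12, 3, 1):
        return "12.3.1"
    if v[0] == 12:
        return "12.x"
    return None

def triage(version):
    """Return 'patched', 'vulnerable', 'end-of-life' or 'not-listed'."""
    v = parse(version)
    if EOL_RANGE[0] <= v <= EOL_RANGE[1]:
        return "end-of-life"  # no fix is listed for these releases
    b = branch(v)
    if b is None:
        return "not-listed"
    return "patched" if v >= FIXED[b] else "vulnerable"

if __name__ == "__main__":
    # Constructed inventory for illustration, not real devices.
    for host, ver in {"fw-a": "12.11.5", "fw-b": "12.3.1_Update4", "fw-c": "11.12.4"}.items():
        print(host, ver, triage(ver))
```

A "not-listed" result means the page gives no information for that release, not that the release is safe.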