Find notable cyber news and cases, enriched with sources, timelines, and signals.

Fireware OS out-of-bounds write security flaw (CVE-2025-14733)

Vulnerability
First reported
Last updated
Happening score
H score 45
2 unique sources, 2 articles

Summary

Hide ▲

WatchGuard Fireware OS contains CVE-2025-14733, an out-of-bounds write in the iked process that creates remote unauthenticated code execution risk for IKEv2 VPN deployments. WatchGuard said the flaw is actively exploited in the wild, making exposed Firebox systems especially urgent to patch. Fixed builds are available in 2025.1.4, 12.11.6, 12.5.15, and 12.3.1_Update4 (B728352), while some 11.x releases are End-of-Life.

Related Happenings

Check Point VPN CVE-2026-50751 targeted exploitation wave

Exploitation Wave
H score47 First: 08.06.2026 17:17 Last: 08.06.2026 17:17 Sources 1

About this happening: **CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...

Cloud Software Group NetScaler urgent remediation advisory

Advisory/Mitigation
H score44 First: 25.03.2026 17:52 Last: 25.03.2026 17:52 Sources 1

About this happening: **Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
H score38 First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
H score53 First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

CISA orders federal agencies to secure WatchGuard Firebox devices

Public Sector Action
H score89 First: 19.12.2025 12:25 Last: 19.12.2025 12:25 Sources 1

How related: One day after WatchGuard released patches, CISA added CVE-2025-14733 to its Known Exploited Vulnerabilities (KEV) Catalog.

About this happening: **CISA** ordered federal agencies to secure **WatchGuard Firebox** firewalls after tagging **CVE-2025-14733** as **actively exploited in the wild**, raising urgency for exposed fe...

Timeline

  1. 19.12.2025 13:23 2 articles · 6mo ago

    WatchGuard discloses active exploitation of Fireware OS flaw

    Initial Disclosure

    WatchGuard released fixes for CVE-2025-14733 in Fireware OS after confirming real-world exploitation of an out-of-bounds write in the iked process that can let a remote unauthenticated attacker execute arbitrary code on Firebox devices using IKEv2 VPN configurations. The advisory lists attack-source IPs 45.95.19[.]50, 51.15.17[.]89, 172.93.107[.]67, and 199.247.7[.]82, shares indicators of compromise including an oversized CERT payload, a certificate chain longer than 8, iked hangs, and Firebox fault reports, and points administrators to fixed releases 2025.1.4, 12.11.6, 12.5.15, and 12.3.1_Update4 (B728352) as well as temporary branch office VPN mitigations.

    Show sources