WatchGuard | Breaking Cybersecurity News | The Hacker News

WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code. "This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer," the company said in a Thursday advisory. "If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured." The vulnerability impacts the following versions of Fireware OS - 2025.1 - Fixed in 2025.1.4 12.x - Fixed in 12.11.6 1...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1. It was patched by WatchGuard in September. "WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code," CISA said in an advisory. Details of the vulnerability were shared by watchTowr Labs last month, with the cybersecurity company stating that the issue stems from a missing length check on an identification buffer used during the IKE handshake process. "The server does attempt certificate validation, but that valid...

Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1. "An out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code," WatchGuard said in an advisory released last month. "This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer." It has been addressed in the following versions - 2025.1 - Fixed in 2025.1.1 12.x - Fixed in 12.11.4 12.3.1 (FIPS-certified release) - Fixed in 12.3.1_Update3 (B722811) 12.5.x (T15 & T35 models) -...