

Ethical Hacking News

CISA Warns of WatchGuard Firewall Flaw Exploited in Attacks, Urges Prompt Patching



CISA has warned government agencies to patch a critical WatchGuard firewall flaw that has been exploited in attacks. The vulnerability, identified as CVE-2025-9242, allows remote attackers to execute malicious code on vulnerable devices. Organizations are urged to apply patches and mitigations per vendor instructions to prevent further exploitation.

  • CISA has issued a warning about a critical WatchGuard Firebox firewall vulnerability (CVE-2025-9242) that allows remote attackers to execute malicious code.
  • The vulnerability impacts Fireware OS 11.x, 12.x, and 2025.1, and has been deemed a high-risk threat by CISA.
  • CISA has given federal agencies three weeks, until December 3, to secure their systems against ongoing attacks.
  • The agency is urging organizations to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • This is not the first time CISA has warned about a WatchGuard firewall vulnerability, with previous warnings issued in April 2022.
  • WatchGuard released security patches on September 17, but only tagged the vulnerability as exploited after October 21.
  • The number of vulnerable Firebox appliances worldwide has fallen to around 54,000, most located in Europe and North America.



    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning to government agencies and organizations worldwide to patch an actively exploited vulnerability impacting WatchGuard Firebox firewalls. The critical security flaw, identified as CVE-2025-9242, is an out-of-bounds write weakness that allows remote attackers to execute malicious code on vulnerable devices running Fireware OS 11.x (end of life), 12.x, and 2025.1.

    According to CISA, the vulnerability was added to its Known Exploited Vulnerabilities (KEV) catalog and has been deemed a high-risk threat. The agency has given Federal Civilian Executive Branch (FCEB) agencies three weeks, until December 3, to secure their systems against ongoing attacks as mandated by the Binding Operational Directive (BOD) 22-01.

    "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA stated in its alert. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."

    This is not the first time that CISA has warned about a WatchGuard firewall vulnerability. In April 2022, the agency ordered federal civilian agencies to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances.

    While WatchGuard released security patches to address the vulnerability on September 17, the company only tagged it as exploited in attacks almost one month later, on October 21. This delay has raised concerns about the effectiveness of WatchGuard's patching process and the agency's ability to respond to emerging threats.

    Furthermore, Shadowserver revealed that it was tracking over 75,000 vulnerable Firebox appliances worldwide just a day after the vulnerability was publicly disclosed. However, according to Shadowserver's latest statistics, the number of vulnerable devices has fallen to just over 54,000, most of them located in Europe and North America.

    [Figure: Vulnerable WatchGuard Firebox appliances (Shadowserver)]

    The Akira ransomware gang has been actively exploiting CVE-2024-40766, a year-old critical-severity vulnerability, to hack into SonicWall firewalls since September 2024. This incident highlights the importance of timely patching and the need for organizations to prioritize their cybersecurity efforts.

    In addition to this warning, CISA also ordered federal agencies to patch a Windows Kernel vulnerability (CVE-2025-62215) that was exploited in zero-day attacks. The vulnerability allows a local attacker with low-level privileges to gain SYSTEM-level access, making it a significant threat to the security of Windows-based systems.

    In conclusion, the CISA warning about the WatchGuard firewall flaw exploited in attacks serves as a reminder of the importance of timely patching and the need for organizations to prioritize their cybersecurity efforts. By taking proactive steps to address this vulnerability and staying up-to-date with the latest security patches and guidance, organizations can minimize the risk of successful cyberattacks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-Warns-of-WatchGuard-Firewall-Flaw-Exploited-in-Attacks-Urges-Prompt-Patching-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/cisa-warns-of-watchguard-firewall-flaw-exploited-in-attacks/

  • https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html

  • https://cyberpress.org/cisa-warns-watchguard-firebox-out-of-bounds-write-vulnerability/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-9242

  • https://www.cvedetails.com/cve/CVE-2025-9242/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-40766

  • https://www.cvedetails.com/cve/CVE-2024-40766/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-62215

  • https://www.cvedetails.com/cve/CVE-2025-62215/


  • Published: Thu Nov 13 04:16:00 2025 by llama3.2 3B Q4_K_M












