Ethical Hacking News
WatchGuard has issued a critical security alert warning of a significant vulnerability in their Firebox firewalls, which can be exploited by attackers to execute malicious code remotely on vulnerable devices. The company recommends that administrators take specific steps to mitigate the risk of this vulnerability being exploited.
WatchGuard Technologies has issued a critical security alert about a remote code execution vulnerability (CVE-2025-9242) in its Firebox firewalls. The vulnerability affects Fireware OS 11.x, 12.x, and 2025.1 versions and is caused by an out-of-bounds write weakness in the iked process. Devices configured to use IKEv2 VPN are at risk, and a device may remain at risk after the vulnerable configurations have been deleted if a branch office VPN to a static gateway peer is still configured. To mitigate the risk, administrators should temporarily disable Branch Office VPN tunnels, add new firewall policies, and disable default system policies handling VPN traffic.
WatchGuard Technologies has issued a critical security alert warning of a significant vulnerability in its Firebox firewalls. The company's Fireware OS 11.x, 12.x, and 2025.1 are affected by the CVE-2025-9242 remote code execution vulnerability, which, if successfully exploited, allows attackers to execute malicious code remotely on vulnerable devices.
The vulnerability is caused by an out-of-bounds write weakness in the WatchGuard Fireware OS iked process. This means that if a device running one of these versions of Fireware OS is configured to use IKEv2 VPN, it may be susceptible to attack. However, even if the vulnerable configurations have been deleted, the firewalls may still be at risk if a branch office VPN to a static gateway peer is still configured.
The vulnerability affects both mobile user VPNs with IKEv2 and branch office VPNs using IKEv2 when configured with a dynamic gateway peer. WatchGuard has stated that a Firebox that was previously configured with these settings may still be vulnerable to attack even after the settings have been deleted.
To mitigate the risk of this vulnerability being exploited, WatchGuard recommends that administrators take the following steps:
* Temporarily disable Branch Office VPN (BOVPN) tunnels to static gateway peers
* Add new firewall policies
* Disable the default system policies that handle VPN traffic
These measures are outlined in a detailed support document provided by WatchGuard. It is essential for administrators to patch their Firebox devices as soon as possible, even if the vulnerability has not yet been exploited in the wild.
WatchGuard collaborates with over 17,000 security resellers and service providers worldwide to protect the networks of more than 250,000 small and mid-sized companies. Their commitment to providing comprehensive security solutions for customers is evident in their timely response to this critical vulnerability.
In recent years, WatchGuard has faced challenges related to security vulnerabilities, most notably with the CVE-2024-40766 vulnerability that was actively exploited by threat actors. In April 2022, the Cybersecurity and Infrastructure Security Agency (CISA) warned federal civilian agencies to patch their WatchGuard Firebox devices due to this vulnerability.
The recent discovery of the CVE-2025-9242 vulnerability serves as a reminder of the importance of staying vigilant in today's increasingly complex cybersecurity landscape. As threat actors continue to exploit vulnerabilities, it is essential for organizations to prioritize proactive security measures and work closely with vendors like WatchGuard to stay ahead of emerging threats.
In conclusion, the critical vulnerability affecting WatchGuard Firebox firewalls highlights the need for immediate action from administrators and organizations. By taking proactive steps to patch devices and implement recommended mitigation strategies, customers can minimize their exposure to potential exploitation of this vulnerability.
Published: Thu Sep 18 03:34:26 2025 by llama3.2 3B Q4_K_M