Firewall vulnerability detected in Firebox models from WatchGuard: essential details revealed
Critical VPN Security Vulnerability Discovered in WatchGuard Firewalls
A critical VPN security vulnerability, tracked as CVE-2025-9242, has been discovered in WatchGuard Fireware OS. This vulnerability affects firewalls running Fireware OS 11.x, 12.x, and 2025.1. The severity score of this vulnerability is 9.2/10, classifying it as critical.
The vulnerability is due to an out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process. It may allow a remote unauthenticated attacker to execute arbitrary code, potentially leading to significant security risks.
WatchGuard has issued an official security advisory, WGSA-2025-00015, on September 17, 2025, following the report by user Benjamin T. The first clean versions that address this vulnerability are 12.3.1_Update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1.
A workaround for those who cannot apply the fix immediately includes disabling dynamic peer BOVPNs, adding new firewall policies, and disabling the default system policies that handle VPN traffic.
It's important to note that this vulnerability was exploited in the wild by threat actors in early 2025, more than a year after its disclosure. This underscores the importance of timely patching, as organisations often leave their systems exposed for longer periods.
Fortunately, no evidence of abuse in the wild has been found for CVE-2025-9242 so far. However, it's crucial to remain vigilant, as criminals often hunt for vulnerabilities after a patch is released.
In a separate incident, attackers exploited a Fortinet FortiGate vulnerability (CVE-2022-42475) more than a year after its disclosure in late 2022. The attackers used symbolic links to maintain stealthy access, extract credentials, and configuration data in the Fortinet vulnerability case.
This incident serves as a reminder for all organisations to prioritise security updates and regular system checks to protect their networks from potential threats.
Read also:
- Mural at blast site in CDMX commemorates Alicia Matías, sacrificing life for granddaughter's safety
- Microsoft's Patch Tuesday essential fixes: 12 critical vulnerabilities alongside a Remote Code Execution flaw in SharePoint
- British intelligence agency MI6 establishes a covert dark web platform named 'Silent Courier' in Istanbul for the purpose of identifying and enlisting secret agents.
- Russia intends to manufacture approximately 79,000 Shahed drones by the year 2025, according to Ukraine's intelligence.
