More than 73,000 WatchGuard Firebox devices remain unpatched against a recent critical-severity vulnerability, data from The Shadowserver Foundation shows.
Network security devices running WatchGuard’s Fireware OS, Firebox appliances control all traffic to and from the internal network, and offer VPN and proxy capabilities.
While these firewalls are meant to protect the network from external threats, devices running Fireware OS versions 11.10.2 to 11.12.4_Update1, 12.0 to 12.11.3, and 2025.1 are affected by a critical-severity bug that allows unauthenticated remote attackers to execute arbitrary code.
Tracked as CVE-2025-9242 (CVSS score of 9.3) and described as an out-of-bounds write condition in the platform’s ‘iked’ process, the security defect “affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer.”
As WatchTowr summarizes in a technical writeup, the flaw affects a service typically accessible from the internet, it can be exploited without authentication, and allows attackers to execute arbitrary code on network appliances.
In mid-September, WatchGuard released Fireware OS versions 2025.1.1, 12.11.4, 12.5.13, and 12.3.1_Update3 (B722811) with fixes for the vulnerability, warning that over 30 firewall models are affected, including Firebox Cloud, Firebox NV5, and FireboxV.
“If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured,” the company warned.
According to WatchGuard, it has over 250,000 small and midsize enterprises as customers. This suggests that there might be hundreds of thousands of Firebox devices deployed in production worldwide.
As of October 20, one month after patches were released for CVE-2025-9242, more than 73,800 Fireboxes remain vulnerable to the critical bug, scans conducted by The Shadowserver Foundation reveal.
Roughly 24,000 of these devices are in the US, the scans show. Germany (7,000), Italy (6,500), UK (5,300), and Canada (3,900) round out the top five, with the rest spread across more than 100 countries.
Organizations are advised to apply WatchGuard’s patches as soon as possible, given the risks associated with the vulnerability.
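For teams triaging an inventory against the affected and fixed versions listed above, the following added example (not code from WatchGuard or from this article) flags Fireware OS versions that fall in an affected range. It assumes version strings in the form shown above and that 12.5.13 and 12.3.1_Update3 are fixes on their own branches, since both sit numerically inside the 12.0 to 12.11.3 range; the hostnames are constructed.

```python
import re

# Affected ranges (inclusive) exactly as listed in the article.
AFFECTED_RANGES = [("11.10.2", "11.12.4_Update1"),
                   ("12.0", "12.11.3"),
                   ("2025.1", "2025.1")]
# Fixed releases that fall numerically inside the 12.0-12.11.3 range.
# Assumption: each one fixes its own branch (12.5.x and 12.3.1_UpdateN).
BRANCH_FIXES = {(12, 5): "12.5.13", (12, 3, 1): "12.3.1_Update3"}

_VERSION = re.compile(r"^(\d+(?:\.\d+){1,2})(?:_Update(\d+))?$")

def parse(version):
    """Turn '12.3.1_Update3' into a comparable tuple (12, 3, 1, 3)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))          # '12.0' -> 12.0.0
    return (*nums, int(m.group(2) or 0))   # no _Update suffix -> update 0

def is_affected(version):
    key = parse(version)
    if not any(parse(lo) <= key <= parse(hi) for lo, hi in AFFECTED_RANGES):
        return False
    # Inside a range: check whether it is one of the branch-specific fixes.
    for branch, fixed in BRANCH_FIXES.items():
        if key[:len(branch)] == branch and key >= parse(fixed):
            return False
    return True

def triage(inventory):
    """Return (affected hosts, hosts whose version could not be parsed)."""
    affected, unparsed = [], []
    for host, version in sorted(inventory.items()):
        try:
            if is_affected(version):
                affected.append(host)
        except ValueError:
            unparsed.append(host)          # needs manual review, not a pass
    return affected, unparsed

# Constructed sample inventory (hostnames and assignments are made up).
SAMPLE = {"fw-branch-01": "12.11.3", "fw-branch-02": "12.11.4",
          "fw-t35-01": "12.5.13", "fw-t35-02": "12.5.9",
          "fw-fips-01": "12.3.1_Update2", "fw-cloud-01": "2025.1",
          "fw-lab-01": "unknown"}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A version outside the listed ranges is reported as not affected by this check only; per the vendor warning quoted above, exposure also depends on the IKEv2 VPN configuration, which this script does not inspect.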