A current critical-severity vulnerability in WatchGuard Firebox firewalls has been exploited within the wild, the US cybersecurity company CISA warns.
Powered by WatchGuard’s Fireware OS, the Firebox community safety units management all visitors to and from the inner community, and are designed to guard the atmosphere from exterior threats.
In September, WatchGuard warned {that a} critical-severity out-of-bounds write bug within the Fireware OS iked course of may very well be exploited for unauthenticated distant code execution.
Tracked as CVE-2025-9242 (CVSS rating of 9.3), the safety defect impacts “each the cellular person VPN with IKEv2 and the department workplace VPN utilizing IKEv2 when configured with a dynamic gateway peer,” WatchGuard stated.
In late October, simply as WatchTowr revealed a technical writeup on the vulnerability, The Shadowserver Basis warned that its scanners have been seeing over 73,000 Firebox community home equipment that had not been patched in opposition to the bug.
Now, CISA has added CVE-2025-9242 to its Recognized Exploited Vulnerabilities (KEV) checklist, urging federal businesses to patch it inside three weeks, as mandated by Binding Operational Directive (BOD) 22-01.
WatchGuard resolved the difficulty in Fireware OS variations 2025.1.1, 12.11.4, 12.5.13, and 12.3.1_Update3 (B722811), noting that no fixes can be launched for Fireware OS 11.x, which has been discontinued.
On October 21, the seller up to date its advisory to say the flaw’s in-the-wild exploitation and to incorporate indicators of compromise (IOCs).Commercial. Scroll to proceed studying.
“As of this replace, along with putting in the newest Fireware OS launch that accommodates the repair, directors ought to take precautions to rotate all regionally saved secrets and techniques on susceptible Firebox home equipment,” the corporate stated.
CISA added the safety defect to the KEV checklist alongside CVE-2025-12480, a crucial vulnerability in Gladinet’s Triofox safe file sharing and distant entry resolution, and CVE-2025-62215, a privilege escalation bug within the Home windows kernel.
Gladinet patched the Triofox flaw in late July and its exploitation began a month later. The Home windows kernel defect has been exploited as a zero-day.
Associated: Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon
Associated: Runc Vulnerabilities Can Be Exploited to Escape Containers
Associated: CISA Warns of CWP Vulnerability Exploited within the Wild
Associated: CISA Warns of Exploited DELMIA Manufacturing facility Software program Vulnerabilities
