An urgent security update has been released to fix a critical zero-day vulnerability in WatchGuard Firebox firewalls, with warnings that hackers are already actively exploiting the flaw in the wild to take control of affected devices.
The vulnerability, tracked as CVE-2025-14733, carries a critical severity rating of 9.3 out of 10. It allows a remote attacker to execute malicious code on the firewall without needing a username or password.
The issue is described as an “Out-of-bounds Write” vulnerability located in the iked process, which handles VPN connections on the device.
Specifically, the flaw affects the Mobile User VPN and Branch Office VPN (when using IKEv2). It occurs when the system tries to process a connection request.
If an attacker sends a specially crafted request, they can corrupt the system’s memory and hijack the firewall.
WatchGuard noted that even after deleting a vulnerable VPN configuration, your device may remain at risk if a Branch Office VPN with a static gateway remains active.
Active 0-Day Exploitation Detected
WatchGuard confirmed they have “observed threat actors actively attempting to exploit this vulnerability.” To help administrators defend their networks, they released specific indicators of compromise (IoCs).
Suspicious IP Addresses:
| Suspicious IP Address | Indicator |
|---|---|
| 45.95.19[.]50 | Strong signal of attack-related traffic |
| 51.15.17[.]89 | Strong signal of attack-related traffic |
| 172.93.107[.]67 | Strong signal of attack-related traffic |
| 199.247.7[.]82 | Strong signal of attack-related traffic |

Administrators should check their logs for:

| Indicator | Description |
|---|---|
| Large Certificate Payloads | Logs show an IKE_AUTH request with a CERT size greater than 2000 bytes |
| Long Certificate Chains | Errors report: “Received peer certificate chain is longer than 8” |
| Process Crashes | The iked process suddenly hangs or crashes, which may signal an exploit attempt |
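One way to sweep exported logs for the indicators above, as an added example that is not WatchGuard's tooling or part of the original article. The log line layout, including the `CERT(sz=...)` field and the crash wording, is an assumption, and the sample lines are constructed.

```python
import re

# Indicators as listed on this page; IPs are stored defanged and refanged here.
IOC_IPS = {ip.replace("[.]", ".") for ip in (
    "45.95.19[.]50", "51.15.17[.]89", "172.93.107[.]67", "199.247.7[.]82")}
CERT_LIMIT = 2000  # bytes: flag IKE_AUTH requests whose CERT size exceeds this
CHAIN_MSG = "peer certificate chain is longer than 8"

# ASSUMPTIONS (log layout is not given on the page): the CERT payload size is
# logged as "CERT(sz=<bytes>)" and an iked failure line mentions crash/hang.
CERT_RE = re.compile(r"CERT\(sz=(\d+)\)")
CRASH_RE = re.compile(r"\biked\b.*\b(?:crash\w*|hang\w*|hung)\b", re.I)
# Whole dotted quads only, so 145.95.19.50 does not match 45.95.19.50.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def check_line(line):
    """Return the names of the indicators that one log line matches."""
    hits = []
    if any(ip in IOC_IPS for ip in IP_RE.findall(line)):
        hits.append("ioc_ip")
    if "IKE_AUTH" in line and any(
            int(size) > CERT_LIMIT for size in CERT_RE.findall(line)):
        hits.append("large_cert")
    if CHAIN_MSG in line.lower():
        hits.append("long_chain")
    if CRASH_RE.search(line):
        hits.append("iked_crash")
    return hits

def scan(lines):
    """Map 1-based line number to matched indicators, skipping clean lines."""
    return {n: h for n, line in enumerate(lines, 1) if (h := check_line(line))}

SAMPLE_LOG = [  # constructed lines for illustration, not real Firebox output
    '2025-12-19 03:11:02 iked (45.95.19.50<->203.0.113.10) "IKE_AUTH request" '
    'message has 3 payloads [ IDi(sz=33) CERT(sz=3000) AUTH(sz=264)]',
    '2025-12-19 03:11:02 iked Received peer certificate chain is longer than 8',
    '2025-12-19 03:11:05 iked (198.51.100.7<->203.0.113.10) "IKE_AUTH request" '
    'message has 2 payloads [ IDi(sz=33) CERT(sz=2000)]',
    '2025-12-19 03:12:40 kernel: iked process crashed, restarting',
    '2025-12-19 03:15:00 iked (145.95.19.50<->203.0.113.10) "IKE_SA_INIT request"',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG).items():
        print(f"line {lineno}: {', '.join(hits)}")
```

A line that matches several indicators at once, such as a listed IP sending an oversized CERT payload, deserves the closest look.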
WatchGuard has released software updates to fix the issue. Admins should upgrade to the following versions immediately:

| Current Fireware OS Version | Recommended Upgrade Version |
|---|---|
| Fireware OS 2025.1 | Upgrade to 2025.1.4 |
| Fireware OS 12.x | Upgrade to 12.11.6 |
| Fireware OS 12.5.x (T15/T35) | Upgrade to 12.5.15 |

If you find evidence that your device was targeted, simply installing the patch is not enough. WatchGuard recommends rotating all shared secrets (passwords and keys) stored on the device, as attackers may have stolen them.
