Dec 19, 2025Ravie LakshmananVulnerability / Community Safety
WatchGuard has launched fixes to deal with a vital safety flaw in Fireware OS that it mentioned has been exploited in real-world assaults.
Tracked as CVE-2025-14733 (CVSS rating: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked course of that might permit a distant unauthenticated attacker to execute arbitrary code.
“This vulnerability impacts each the cell consumer VPN with IKEv2 and the department workplace VPN utilizing IKEv2 when configured with a dynamic gateway peer,” the corporate mentioned in a Thursday advisory.
“If the Firebox was beforehand configured with the cell consumer VPN with IKEv2 or a department workplace VPN utilizing IKEv2 to a dynamic gateway peer, and each of these configurations have since been deleted, that Firebox should still be weak if a department workplace VPN to a static gateway peer continues to be configured.”
The vulnerability impacts the next variations of Fireware OS –
2025.1 – Mounted in 2025.1.4
12.x – Mounted in 12.11.6
12.5.x (T15 & T35 fashions) – Mounted in 12.5.15
12.3.1 (FIPS-certified launch) – Mounted in 12.3.1_Update4 (B728352)
11.x (11.10.2 as much as and together with 11.12.4_Update1) – Finish-of-Life
WatchGuard acknowledged that it has noticed risk actors actively making an attempt to take advantage of this vulnerability within the wild, with the assaults originating from the next IP addresses –
Apparently, the IP handle “199.247.7[.]82” was additionally flagged by Arctic Wolf earlier this week as linked to the exploitation of two not too long ago disclosed safety vulnerabilities in Fortinet FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8).
The Seattle-based firm has additionally shared a number of indicators of compromise (IoCs) that system house owners can use to find out if their very own cases have been contaminated –
A log message stating “Obtained peer certificates chain is longer than 8. Reject this certificates chain” when the Firebox receives an IKE2 Auth payload with greater than 8 certificates
An IKE_AUTH request log message with an abnormally giant CERT payload dimension (higher than 2000 bytes)
Throughout a profitable exploit, the iked course of will grasp, interrupting VPN connections
After a failed or profitable exploit, the IKED course of will crash and generate a fault report on the Firebox
The disclosure comes a bit over a month after the U.S. Cybersecurity and Infrastructure Safety Company (CISA) added one other vital WatchGuard Fireware OS flaw (CVE-2025-9242, CVSS rating: 9.3) to its Identified Exploited Vulnerabilities (KEV) catalog after reviews of energetic exploitation.
It is at present not recognized if these two units of assaults are associated. Customers are suggested to use the updates as quickly as potential to safe in opposition to the risk.
As non permanent mitigation for units with weak Department Workplace VPN (BOVPN) configurations, the corporate has urged directors to disable dynamic peer BOVPNs, create an alias that features the static IP addresses of distant BOVPN friends, add new firewall insurance policies that permit entry from the alias, and disable the default built-in insurance policies that deal with VPN site visitors.
