CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks

CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks

Posted on By CWS

Nov 13, 2025Ravie LakshmananVulnerability / Community Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Wednesday added a important safety flaw impacting WatchGuard Fireware to its Recognized Exploited Vulnerabilities (KEV) catalog, based mostly on proof of lively exploitation.
The vulnerability in query is CVE-2025-9242 (CVSS rating: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 as much as and together with 11.12.4_Update1, 12.0 as much as and together with 12.11.3 and 2025.1.
“WatchGuard Firebox accommodates an out-of-bounds write vulnerability within the OS iked course of that will permit a distant unauthenticated attacker to execute arbitrary code,” CISA mentioned in an advisory.
Particulars of the vulnerability had been shared by watchTowr Labs final month, with the cybersecurity firm stating that the difficulty stems from a lacking size examine on an identification buffer used through the IKE handshake course of.

“The server does try certificates validation, however that validation occurs after the susceptible code runs, permitting our susceptible code path to be reachable pre-authentication,” safety researcher McCaulay Hudson famous.
There are at the moment no particulars on how the safety defect is being exploited and what is the scale of such efforts. In keeping with knowledge from the Shadowserver Basis, greater than 54,300 Firebox situations stay susceptible to the important bug as of November 12, 2025, down from a excessive of 75,955 on October 19.
Roughly 18,500 of those gadgets are within the U.S., the scans reveal. Italy (5,400), the U.Okay. (4,000), Germany (3,600), and Canada (3,000) spherical up the highest 5. Federal Civilian Government Department (FCEB) companies are suggested to use WatchGuard’s patches by December 3, 2025.
The event comes as CISA additionally added CVE-2025-62215 (CVSS rating: 7.0), a lately disclosed flaw in Home windows kernel, and CVE-2025-12480 (CVSS rating: 9.1), an improper entry management vulnerability in Gladinet Triofox, to the KEV catalog. Google’s Mandiant Menace Protection group has attributed the exploitation of CVE-2025-12480 to a menace actor it tracks as UNC6485.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats The Hacker News
Microsoft Addresses 206 Security Vulnerabilities, Including Zero-Days Microsoft Addresses 206 Security Vulnerabilities, Including Zero-Days The Hacker News
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans The Hacker News
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware The Hacker News
Google’s Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month Google’s Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month The Hacker News
AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs The Hacker News