WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls.
Tracked as CVE-2025-9242, this critical security flaw is caused by an out-of-bounds write weakness that can allow attackers to execute malicious code remotely on vulnerable devices following successful exploitation.
CVE-2025-9242 affects firewalls running Fireware OS 11.x (end of life), 12.x, and 2025.1, and was fixed in versions 12.3.1_Update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1.
While Firebox firewalls are only vulnerable to attacks if they're configured to use IKEv2 VPN, WatchGuard added that they may still be vulnerable to compromise, even if the vulnerable configurations have been deleted, if a branch office VPN to a static gateway peer is still configured.
"An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer," the company warned in a Wednesday advisory.
"If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured."
| Product branch | Vulnerable firewalls |
|---|---|
| Fireware OS 12.5.x | T15, T35 |
| Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
| Fireware OS 2025.1.x | T115-W, T125, T125-W, T145, T145-W, T185 |
WatchGuard also provides a temporary workaround for administrators who cannot immediately patch devices running vulnerable software configured with Branch Office VPN (BOVPN) tunnels to static gateway peers.
This requires them to disable dynamic peer BOVPNs, add new firewall policies, and disable the default system policies that handle VPN traffic, as outlined in this support document, which provides detailed instructions on how to secure access to BOVPNs that use IPSec and IKEv2.
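As an added triage example (not WatchGuard's code or tooling), the script below checks a constructed firewall inventory against the fixed versions and the IKEv2 exposure conditions stated in the advisory; the mapping of each 12.x sub-branch to its fixed build is an assumption drawn from the version numbers above, and the inventory entries are made up.

```python
import re
from dataclasses import dataclass

@dataclass
class Firebox:
    name: str
    fireware: str              # e.g. "12.5.12", "12.3.1_Update3", "2025.1"
    mobile_ikev2: bool         # mobile user VPN with IKEv2 configured
    bovpn_ikev2_dynamic: bool  # BOVPN using IKEv2 to a dynamic gateway peer
    ikev2_previously: bool     # either of the above existed before and was deleted
    bovpn_static: bool         # BOVPN to a static gateway peer still configured

def parse_version(s):
    """'12.3.1_Update3' -> ((12, 3, 1), 3); '2025.1' -> ((2025, 1, 0), 0)."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(?:_Update(\d+))?", s)
    if not m:
        raise ValueError(f"unrecognised Fireware version: {s!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    return (nums + (0, 0))[:3], int(m.group(2) or 0)

def is_patched(fireware):
    """Compare against the fixed builds in the advisory (sub-branch mapping is an assumption)."""
    nums, update = parse_version(fireware)
    if nums[0] == 11:                  # 11.x is end of life: no fix exists
        return False
    if nums == (12, 3, 1):             # fixed in 12.3.1_Update3
        return update >= 3
    if nums[:2] == (12, 5):            # fixed in 12.5.13
        return nums >= (12, 5, 13)
    if nums[0] == 12:                  # remaining 12.x line, fixed in 12.11.4
        return nums >= (12, 11, 4)
    if nums[:2] == (2025, 1):          # fixed in 2025.1.1
        return nums >= (2025, 1, 1)
    raise ValueError(f"branch not covered by the advisory: {fireware}")

def is_exposed(fb):
    """Exposure conditions exactly as the advisory states them."""
    return fb.mobile_ikev2 or fb.bovpn_ikev2_dynamic or (fb.ikev2_previously and fb.bovpn_static)

def triage(fb):
    if is_patched(fb.fireware):
        return "patched"
    return "vulnerable: patch now" if is_exposed(fb) else "unpatched, not exposed"

# Constructed sample inventory (not real devices)
INVENTORY = [
    Firebox("hq-m390", "12.11.3", False, True, False, True),
    Firebox("branch-t35", "12.5.13", True, False, False, False),
    Firebox("legacy-t15", "12.3.1_Update2", False, False, True, True),
    Firebox("lab-t125", "2025.1", False, False, False, False),
]

if __name__ == "__main__":
    for fb in INVENTORY:
        print(f"{fb.name:12} {fb.fireware:16} {triage(fb)}")
```

Devices reported as "unpatched, not exposed" still need the update; the exposure flag only orders the work.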
While this critical vulnerability is not yet being exploited in the wild, admins are still advised to patch their WatchGuard Firebox devices, as threat actors consider firewalls an attractive target. For instance, the Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity vulnerability, to compromise SonicWall firewalls.
Two years ago, in April 2022, the Cybersecurity and Infrastructure Security Agency (CISA) also ordered federal civilian agencies to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances.
WatchGuard collaborates with over 17,000 security resellers and service providers to protect the networks of more than 250,000 small and mid-sized companies worldwide,