- WatchGuard patches important RCE flaw (CVE‑2025‑14733) in Firebox firewalls, being actively exploited within the wild
- CISA added it to KEV; federal companies should patch or cease use by December 26
- Workarounds embody disabling dynamic peer BOVPNs and tightening firewall insurance policies till fixes are utilized
WatchGuard has patched a critical-severity zero-day vulnerability in its Firebox firewalls, and urged all customers to use the repair instantly.
In a brand new safety advisory, the corporate mentioned firewalls working Fireware OS 11.x and later, 12.x and later, and 2025.1 as much as (and together with) 2025.1.3, contained an out-of-bounds write vulnerability that allowed unauthenticated attackers to execute arbitrary code, remotely (RCE). This vulnerability impacts each the Cell Consumer VPN with IKEv2 and the Department Workplace VPN utilizing IKEv2 when configured with a dynamic gateway peer.
The flaw is now tracked as CVE-2025-14733, and was given a severity rating of 9.3/10 (important). WatchGuard mentioned it has seen menace actors “actively trying to use” the vulnerability within the wild, however didn’t focus on which teams had been utilizing it, or towards whom.
CISA provides the bug to KEV
Those who can not apply the repair instantly can work across the challenge by disabling dynamic peer BOVPNs, including new firewall insurance policies, and disabling the default system insurance policies that deal with VPN visitors.
On the identical time, the US Cybersecurity and Infrastructure Safety Company (CISA) added the RCE flaw to its Recognized Exploited Vulnerabilities (KEV) catalog, giving all Federal Civilian Govt Department (FCEB) companies only a one-week deadline to patch up or cease utilizing weak Firebox firewalls totally.
The entry was added on December 19, with the due date being December 26.
A couple of months in the past, WatchGuard patched an identical RCE bug in its Firebox firewalls, BleepingComputer reported. In October 2025, web watchdog Shadowserver mentioned there have been greater than 75,000 uncovered situations, with the bulk being situated in North America, and Europe. This vulnerability, too, was added to CISA’s KEV a couple of weeks later.
WatchGuard Applied sciences is a world cybersecurity firm that serves greater than 250,000 prospects worldwide throughout small and midsize enterprises, MSPs, and different organizations.
By way of BleepingComputer
The very best antivirus for all budgets
Comply with TechRadar on Google Information and add us as a most well-liked supply to get our professional information, evaluations, and opinion in your feeds. Make certain to click on the Comply with button!
And naturally you can too observe TechRadar on TikTok for information, evaluations, unboxings in video kind, and get common updates from us on WhatsApp too.
