September 18, 2025 By Sergiu Gatlan
WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls.
Tracked as CVE-2025-9242, this critical security flaw is caused by an out-of-bounds write weakness that can allow attackers to execute malicious code remotely on vulnerable devices following successful exploitation.
CVE-2025-9242 affects firewalls running Fireware OS 11.x (end of life), 12.x, and 2025.1, and was fixed in versions 12.3.1_Update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1.
While Firebox firewalls are only vulnerable to attacks if they are configured to use IKEv2 VPN, WatchGuard added that they may still be at risk of compromise, even if the vulnerable configurations have been deleted, if a branch office VPN to a static gateway peer is still configured.
"An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer," the company warned in a Wednesday advisory.
