
New critical WatchGuard Firebox firewall flaw exploited in attacks

Published: 19 December 2025 at 10:25:06

Alert date: 19 December 2025 at 11:02:35

Source: bleepingcomputer.com

Network Infrastructure, Zero-Day Vulnerabilities

WatchGuard has issued a critical security warning about an actively exploited remote code execution vulnerability in its Firebox firewalls and is urging customers to patch. Because firewalls are critical network security infrastructure components and the flaw is already being exploited in attacks, organizations using affected WatchGuard Firebox devices should treat this as a high-priority issue requiring immediate attention.

Technical details

CVE-2025-14733 is a critical remote code execution vulnerability caused by an out-of-bounds write weakness that enables unauthenticated attackers to execute malicious code remotely on unpatched WatchGuard Firebox devices. The vulnerability affects firewalls running Fireware OS 11.x and later, 12.x or later, and 2025.1 up to and including 2025.1.3. Firewalls are only vulnerable if configured to use IKEv2 VPN, including mobile user VPN with IKEv2 or branch office VPN using IKEv2 to a dynamic gateway peer. Even if these configurations have been deleted, devices may still be vulnerable if a branch office VPN to a static gateway peer is still configured.
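
The exposure conditions above can be applied to a device inventory as a triage pass. This is an added example, not code from the advisory or from WatchGuard; the inventory field names, verdict labels and sample devices are hypothetical, and it assumes the builds the page names (11.12.4_Update1, 12.11.5, 2025.1.3) are the last affected build of each branch.

```python
import re

# Last affected build per branch, as named on the page. Assumption: these are
# upper bounds. The page lists no fixed builds, so confirm with the vendor.
AFFECTED_MAX = {11: (11, 12, 4, 1), 12: (12, 11, 5, 0), 2025: (2025, 1, 3, 0)}

def parse_version(text):
    """'12.11.5' or '11.12.4_Update1' -> (major, minor, patch, update)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:_Update(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware OS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_in_range(text):
    v = parse_version(text)
    limit = AFFECTED_MAX.get(v[0])
    if limit is None or (v[0] == 2025 and v[1] < 1):
        return False
    return v <= limit

def ikev2_exposed(cfg):
    """cfg uses hypothetical inventory field names, not Fireware settings."""
    active = cfg.get("mobile_vpn_ikev2") or cfg.get("bovpn_ikev2_dynamic_peer")
    # Deleted IKEv2 config can still leave the device exposed while a BOVPN
    # to a static gateway peer remains configured.
    residual = cfg.get("ikev2_config_deleted") and cfg.get("bovpn_static_peer")
    return bool(active or residual)

def triage(device):
    if not version_in_range(device["fireware"]):
        return "not-in-listed-range"
    return "patch-now" if ikev2_exposed(device["vpn"]) else "patch-scheduled"

# Constructed inventory for illustration only.
INVENTORY = [
    {"name": "hq-m470", "fireware": "12.11.5", "vpn": {"mobile_vpn_ikev2": True}},
    {"name": "branch-t35", "fireware": "12.5.13",
     "vpn": {"ikev2_config_deleted": True, "bovpn_static_peer": True}},
    {"name": "lab-t145", "fireware": "2025.1.3", "vpn": {}},
    {"name": "dc-m590", "fireware": "2025.1.4", "vpn": {"mobile_vpn_ikev2": True}},
]

def report(inventory=INVENTORY):
    return {d["name"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name}: {verdict}")
```

A "patch-scheduled" verdict still means the build falls in the listed range; it only indicates that none of the IKEv2 conditions from the paragraph above were recorded for that device.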

Mitigation steps:

Patch vulnerable WatchGuard Firebox firewalls immediately
For organizations unable to patch immediately: disable dynamic peer BOVPNs, add new firewall policies, and disable default system policies that handle VPN traffic
Check devices for indicators of compromise provided by WatchGuard
Rotate all locally stored secrets on vulnerable appliances if signs of malicious activity are found
Review and secure Branch Office VPN (BOVPN) configurations

Affected products:

WatchGuard Firebox T15, T35 (Fireware OS 12.5.x)
WatchGuard Firebox T115-W, T125, T125-W, T145, T145-W, T185 (Fireware OS 2025.1.x)
WatchGuard Firebox T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV (Fireware OS 12.x)
WatchGuard Fireware OS 11.x and later (including 11.12.4_Update1)
WatchGuard Fireware OS 12.x or later (including 12.11.5)
WatchGuard Fireware OS 2025.1 up to and including 2025.1.3

IOC's:

WatchGuard shared indicators of compromise to help customers check whether their Firebox devices have been compromised (specific IOCs referenced but not detailed in article)

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
