WatchGuard warns of critical vulnerability in Firebox firewalls


WatchGuard has released security updates to address a remote code execution vulnerability impacting the company’s Firebox firewalls.

Tracked as CVE-2025-9242, this critical security flaw is caused by an out-of-bounds write weakness that can allow attackers to execute malicious code remotely on vulnerable devices following successful exploitation.

CVE-2025-9242 affects firewalls running Fireware OS 11.x (end of life), 12.x, and 2025.1, and was fixed in versions 12.3.1_Update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1.

While Firebox firewalls are only vulnerable to attacks if they’re configured to use IKEv2 VPN, WatchGuard added that they might still be at risk of compromise, even if the vulnerable configurations have been deleted, if a branch office VPN to a static gateway peer is still configured.

“An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer,” the company warned in a Wednesday advisory.

“If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured.”





| Product branch | Vulnerable firewalls |
|---|---|
| Fireware OS 12.5.x | T15, T35 |
| Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
| Fireware OS 2025.1.x | T115-W, T125, T125-W, T145, T145-W, T185 |
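The version and configuration conditions above can be turned into an inventory triage check. The following is an added example, not code from WatchGuard or from this article; which fixed release serves which branch, the flag names, the verdict labels and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed releases named in the article. Which branch each one serves is an
# assumption of this example; confirm against the vendor advisory.
FIX_T15_T35 = (12, 5, 13)       # table row "Fireware OS 12.5.x": T15, T35
FIX_12X = (12, 11, 4)
FIX_2025 = (2025, 1, 1)
UPDATE_BASE, UPDATE_FIX = (12, 3, 1), 3   # 12.3.1_Update3

def parse_version(text):
    """'12.3.1_Update2' -> ((12, 3, 1), 2); '2025.1' -> ((2025, 1, 0), 0)."""
    m = re.fullmatch(r"(\d+(?:\.\d+){1,3})(?:_Update(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    return (nums + (0, 0))[:3], int(m.group(2) or 0)

def is_patched(version, model):
    nums, update = parse_version(version)
    if nums[0] <= 11:
        return False                       # 11.x is end of life, no fix listed
    if nums == UPDATE_BASE:
        return update >= UPDATE_FIX
    if model.upper() in ("T15", "T35"):
        return nums >= FIX_T15_T35
    return nums >= (FIX_12X if nums[0] == 12 else FIX_2025)

def triage(version, model, muvpn_ikev2=False, bovpn_ikev2_dynamic=False,
           had_ikev2_before=False, bovpn_static=False):
    """Classify one device using the conditions quoted from the advisory."""
    if is_patched(version, model):
        return "patched"
    if muvpn_ikev2 or bovpn_ikev2_dynamic:
        return "exposed"
    if had_ikev2_before and bovpn_static:
        return "residual"   # IKEv2 configs deleted, static-peer BOVPN remains
    return "config-not-affected"

# Constructed sample inventory (hostnames and settings are made up).
INVENTORY = [
    ("fw-hq", "12.11.3", "M470", {"muvpn_ikev2": True}),
    ("fw-branch", "12.5.12", "T35", {"had_ikev2_before": True, "bovpn_static": True}),
    ("fw-lab", "12.3.1_Update3", "M270", {"bovpn_ikev2_dynamic": True}),
    ("fw-new", "2025.1", "T145", {}),
]

def run_inventory(rows=INVENTORY):
    return {host: triage(ver, model, **cfg) for host, ver, model, cfg in rows}

if __name__ == "__main__":
    for host, verdict in run_inventory().items():
        print(f"{host:10} {verdict}")
```

A "residual" verdict corresponds to the case the advisory says may still be vulnerable after the IKEv2 configurations were deleted, so those devices belong in the patch queue alongside the "exposed" ones.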

WatchGuard also provides a temporary workaround for administrators who can't immediately patch devices running vulnerable software configured with Branch Office VPN (BOVPN) tunnels to static gateway peers.

This requires them to disable dynamic peer BOVPNs, add new firewall policies, and disable the default system policies that handle VPN traffic, as outlined in this support document, which provides detailed instructions on how to secure access to BOVPNs that use IPSec and IKEv2.

While this critical vulnerability is not yet being exploited in the wild, admins are still advised to patch their WatchGuard Firebox devices, as threat actors consider firewalls an attractive target. For instance, the Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity vulnerability, to compromise SonicWall firewalls.

Two years ago, in April 2022, the Cybersecurity and Infrastructure Security Agency (CISA) also ordered federal civilian agencies to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances.

WatchGuard collaborates with over 17,000 security resellers and service providers to protect the networks of more than 250,000 small and mid-sized companies worldwide.
