WatchGuard Firebox OS forced to patch worrying security flaw, so update now

2 hours ago 7

Abstract illustration of a firewall protecting servers

(Image credit: Getty Images)

WatchGuard patches critical RCE flaw (CVE‑2025‑14733) in Firebox firewalls, being actively exploited in the wild
CISA added it to KEV; federal agencies must patch or stop use by December 26
Workarounds include disabling dynamic peer BOVPNs and tightening firewall policies until fixes are applied

WatchGuard has patched a critical-severity zero-day vulnerability in its Firebox firewalls, and urged all users to apply the fix immediately.

In a new security advisory, the company said firewalls running Fireware OS 11.x and later, 12.x and later, and 2025.1 up to (and including) 2025.1.3, contained an out-of-bounds write vulnerability that allowed unauthenticated attackers to execute arbitrary code, remotely (RCE). This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.

The flaw is now tracked as CVE-2025-14733, and was given a severity score of 9.3/10 (critical). WatchGuard said it has seen threat actors “actively attempting to exploit” the vulnerability in the wild, but did not discuss which groups were using it, or against whom.

CISA adds the bug to KEV

Those that cannot apply the fix immediately can work around the issue by disabling dynamic peer BOVPNs, adding new firewall policies, and disabling the default system policies that handle VPN traffic.

At the same time, the US Cybersecurity and Infrastructure Security Agency (CISA) added the RCE flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving all Federal Civilian Executive Branch (FCEB) agencies just a one-week deadline to patch up or stop using vulnerable Firebox firewalls entirely.

The entry was added on December 19, with the due date being December 26.

A few months ago, WatchGuard patched a similar RCE bug in its Firebox firewalls, BleepingComputer reported. In October 2025, internet watchdog Shadowserver said there were more than 75,000 exposed instances, with the majority being located in North America, and Europe. This vulnerability, too, was added to CISA’s KEV a few weeks later.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

WatchGuard Technologies is a global cybersecurity company that serves more than 250,000 customers worldwide across small and midsize enterprises, MSPs, and other organizations.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read Entire Article