WatchGuard has issued urgent patches for a critical zero-day vulnerability in its Firebox firewall appliances after reports confirmed it is actively exploited in the wild. The flaw, tracked as CVE-2025-14733, carries a CVSS score of 9.3, which places it in the critical severity range.
Details of the Vulnerability
The zero-day affects the iked process of Fireware OS, the operating system running WatchGuard Firebox devices. Security researchers describe the flaw as an out-of-bounds write, which could allow remote, unauthenticated attackers to execute arbitrary code on vulnerable devices.
WatchGuard confirms that the vulnerability impacts Fireware OS versions 11.x, 12.x, and 2025.x. Patches have been released in the following versions:
- 2025.1.4
- 12.11.6
- 12.5.15
- 12.3.1_Update4 (B728352)
No fix will be provided for Fireware OS 11.x, as it has reached end-of-life.
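To sort a device inventory against the fixed releases listed above, the following is an added example, not code from WatchGuard or from the original article. The hostnames and running versions are constructed, and mapping each release to the fix of its own branch (12.5.x to 12.5.15, 12.3.1 to Update4, every other 12.x to 12.11.6) is an assumption to confirm against the vendor advisory.

```python
import re

# Fixed releases listed in the article. Treating 12.5.x and 12.3.1 as their own
# maintenance branches (and 12.11.6 as the fix for every other 12.x release) is
# an assumption of this example; confirm it against the vendor advisory.
FIXED_BY_BRANCH = {"2025": (2025, 1, 4), "12.5": (12, 5, 15), "12": (12, 11, 6)}
FIXED_12_3_1_UPDATE = 4  # from "12.3.1_Update4"

VERSION_RE = re.compile(r"v?(\d+(?:\.\d+){0,2})(?:_Update(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), update) for strings like '12.3.1_Update2'."""
    match = VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Fireware version: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # '12.5' is compared as 12.5.0
    return tuple(parts), int(match.group(2) or 0)


def triage(text):
    """Classify a version as patched, needs-update, eol-no-fix or not-listed."""
    version, update = parse_version(text)
    major, minor, _ = version
    if major == 11:
        return "eol-no-fix"  # the article states 11.x gets no patch
    if version == (12, 3, 1):
        return "patched" if update >= FIXED_12_3_1_UPDATE else "needs-update"
    if major == 12:
        branch = "12.5" if minor == 5 else "12"
    elif major == 2025:
        branch = "2025"
    else:
        return "not-listed"  # outside the 11.x / 12.x / 2025.x range named above
    return "patched" if version >= FIXED_BY_BRANCH[branch] else "needs-update"


def triage_inventory(devices):
    """Group (hostname, version) pairs by triage result."""
    report = {}
    for host, version in devices:
        report.setdefault(triage(version), []).append(host)
    return report


# Constructed sample inventory; hostnames and running versions are made up.
SAMPLE = [("fw-hq", "2025.1.4"), ("fw-branch1", "12.11.5"), ("fw-branch2", "12.5.15"),
          ("fw-fips", "12.3.1_Update3"), ("fw-old", "11.12.4"), ("fw-lab", "2025.1")]

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Devices reported as eol-no-fix cannot be patched in place and need a supported Fireware OS release or replacement hardware.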
Scope and Risk
The Shadowserver Foundation reports that around 125,000 IP addresses are associated with vulnerable WatchGuard firewalls, including nearly 40,000 in the United States.
The vulnerability primarily affects:
- Mobile user VPNs using IKEv2
- Branch office VPNs using IKEv2 configured with a dynamic gateway peer
Even Firebox devices on which these configurations were previously deleted may remain vulnerable if a branch office VPN to a static gateway peer is still configured.
WatchGuard warns that threat actors are actively targeting the flaw, and has provided indicators-of-attack (IoAs) to help network defenders detect and mitigate exploitation attempts.
Federal Advisory and Response
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-14733 to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch affected systems within a week. Under standard Binding Operational Directive (BOD) 22-01 rules, agencies typically have three weeks, but the urgency of this exploited flaw demands faster action.
WatchGuard Firebox firewalls are designed to secure organizational networks by controlling inbound and outbound traffic, making timely remediation critical to prevent potential breaches.