WatchGuard Firebox OS forced to patch worrying security flaw, so update now

  • WatchGuard patches critical RCE flaw (CVE-2025-14733) in Firebox firewalls, being actively exploited in the wild
  • CISA added it to KEV; federal agencies must patch or stop use by December 26
  • Workarounds include disabling dynamic peer BOVPNs and tightening firewall policies until fixes are applied

WatchGuard has patched a critical-severity zero-day vulnerability in its Firebox firewalls, and urged all users to apply the fix immediately.

In a new security advisory, the company said firewalls running Fireware OS 11.x and later, 12.x and later, and 2025.1 up to (and including) 2025.1.3 contained an out-of-bounds write vulnerability that allowed unauthenticated attackers to execute arbitrary code remotely (RCE). This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.

The flaw is now tracked as CVE-2025-14733, and was given a severity score of 9.3/10 (critical). WatchGuard said it has seen threat actors “actively attempting to exploit” the vulnerability in the wild, but did not discuss which groups were using it, or against whom.

CISA adds the bug to KEV

Those who cannot apply the fix immediately can work around the issue by disabling dynamic peer BOVPNs, adding new firewall policies, and disabling the default system policies that handle VPN traffic.

At the same time, the US Cybersecurity and Infrastructure Security Agency (CISA) added the RCE flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving all Federal Civilian Executive Branch (FCEB) agencies just a one-week deadline to patch up or stop using vulnerable Firebox firewalls entirely.

The entry was added on December 19, with the due date being December 26.

A few months ago, WatchGuard patched a similar RCE bug in its Firebox firewalls, BleepingComputer reported. In October 2025, internet watchdog Shadowserver said there were more than 75,000 exposed instances, with the majority being located in North America and Europe. That vulnerability, too, was added to CISA’s KEV a few weeks later.

WatchGuard Technologies is a global cybersecurity company that serves more than 250,000 customers worldwide across small and midsize enterprises, MSPs, and other organizations.

Via BleepingComputer


Read more @ TechRadar
