The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Wednesday added a important safety flaw impacting WatchGuard Fireware to its Recognized Exploited Vulnerabilities (KEV) catalog, primarily based on proof of energetic exploitation.
The vulnerability in query is CVE-2025-9242 (CVSS rating: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 as much as and together with 11.12.4_Update1, 12.0 as much as and together with 12.11.3 and 2025.1. It was patched by WatchGuard in September.
“WatchGuard Firebox incorporates an out-of-bounds write vulnerability within the OS iked course of which will enable a distant unauthenticated attacker to execute arbitrary code,” CISA stated in an advisory.
Particulars of the vulnerability have been shared by watchTowr Labs final month, with the cybersecurity firm stating that the problem stems from a lacking size test on an identification buffer used through the IKE handshake course of.
“The server does try certificates validation, however that validation occurs after the susceptible code runs, permitting our susceptible code path to be reachable pre-authentication,” safety researcher McCaulay Hudson famous.
In an replace to its advisory on October 21, 2025, WatchGuard stated it has proof suggesting energetic exploitation of the flaw, sharing three indicators of compromise (IoCs) related to the exercise –
- An IKE_AUTH request log message with an abnormally giant IKE_AUTH request IDi payload larger than 100 bytes
- Throughout a profitable exploit, the iked course of will grasp, interrupting VPN connections
- After a failed or profitable exploit, the iked course of will crash and generate a fault report on the Firebox
Based on information from the Shadowserver Basis, greater than 54,300 Firebox cases stay susceptible to the important bug as of November 12, 2025, down from a excessive of 75,955 on October 19.
 |
| Variety of uncovered WatchGuard Firebox cases |
Roughly 18,500 of those units are within the U.S., the scans reveal. Italy (5,400), the U.Ok. (4,000), Germany (3,600), and Canada (3,000) spherical up the highest 5. Federal Civilian Government Department (FCEB) businesses are suggested to use WatchGuard’s patches by December 3, 2025.
The event comes as CISA additionally added CVE-2025-62215 (CVSS rating: 7.0), a not too long ago disclosed flaw in Home windows kernel, and CVE-2025-12480 (CVSS rating: 9.1), an improper entry management vulnerability in Gladinet Triofox, to the KEV catalog. Google’s Mandiant Risk Protection workforce has attributed the exploitation of CVE-2025-12480 to a risk actor it tracks as UNC6485.
(The story was up to date after publication to incorporate data from WatchGuard confirming energetic exploitation efforts.)
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the newest breakthroughs, get unique updates, and join with a worldwide community of future-focused thinkers.
Unlock tomorrow’s traits immediately: learn extra, subscribe to our publication, and turn into a part of the NextTech group at NextTech-news.com
