Researchers have uncovered a critical vulnerability in WatchGuard Fireware, allowing unauthenticated remote code execution via an out-of-bounds write flaw. This vulnerability affects multiple versions of Fireware OS, posing a significant risk for organizations using VPN services. #WatchGuardFireware #IKEv2Vulnerability
Keypoints
- The vulnerability CVE-2025-9242 has a high severity score of 9.3 on the CVSS scale.
- It allows attackers to execute arbitrary code on affected devices before authentication.
- The flaw impacts Fireware OS versions from 11.10.2 to 12.11.3 and 2025.1, including specific models.
- The vulnerability specifically affects VPN configurations using IKEv2 with dynamic gateways.
- Organizations are urged to patch their systems promptly to prevent exploitation.