A critical vulnerability in WatchGuard Firebox firewalls has been actively exploited in the wild, prompting CISA to issue urgent patching advice. The bug affects VPN capabilities and has resulted in a high CVSS score of 9.3. #CVE2025-9242 #WatchGuardFirebox #CISA #FirewareOS
Keypoints
- A critical severity flaw was found in WatchGuard Firebox devices affecting their VPN functions.
- The vulnerability, CVE-2025-9242, allows unauthenticated remote code execution when exploited.
- Over 73,000 devices remain unpatched, increasing the risk of widespread attacks.
- CISA has added the vulnerability to its KEV list and urges timely patching for federal agencies.
- WatchGuard has released updates, but users of older Fireware OS versions are advised to upgrade immediately.
Read More: https://www.securityweek.com/critical-watchguard-firebox-vulnerability-exploited-in-attacks/