Keypoints
- CISA urges federal agencies to patch the actively exploited vulnerability in WatchGuard Firebox firewalls by December 3.
- The vulnerability (CVE-2025-9242) involves an out-of-bounds write flaw in Fireware OS versions 11.x, 12.x, and 2025.1.
- Over 54,000 vulnerable Firebox appliances are still active worldwide, mainly in Europe and North America.
- Threat actors, including the Akira ransomware gang, actively exploit similar firewall vulnerabilities like CVE-2024-40766.
- Organizations outside the federal sector are also advised to patch promptly to protect against targeting of firewalls by malicious actors.