Article Details
Scrape Timestamp (UTC): 2025-12-19 11:26:26.786
Source: https://thehackernews.com/2025/12/watchguard-warns-of-active-exploitation.html
Original Article Text
Click to Toggle View
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability. WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code. "This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer," the company said in a Thursday advisory. "If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured." The vulnerability impacts the following versions of Fireware OS - WatchGuard acknowledged that it has observed threat actors actively attempting to exploit this vulnerability in the wild, with the attacks originating from the following IP addresses - Interestingly, the IP address "199.247.7[.]82" was also flagged by Arctic Wolf earlier this week as linked to the exploitation of two recently disclosed security vulnerabilities in Fortinet FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). The Seattle-based company has also shared multiple indicators of compromise (IoCs) that device owners can use to determine if their own instances have been infected - The disclosure comes a little over a month after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added another critical WatchGuard Fireware OS flaw (CVE-2025-9242, CVSS score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation. It's currently not known if these two sets of attacks are related. Users are advised to apply the updates as soon as possible to secure against the threat. As temporary mitigation for devices with vulnerable Branch Office VPN (BOVPN) configurations, the company has urged administrators to disable dynamic peer BOVPNs, create an alias that includes the static IP addresses of remote BOVPN peers, add new firewall policies that allow access from the alias, and disable the default built-in policies that handle VPN traffic.
Daily Brief Summary
WatchGuard has issued patches for a critical Fireware OS vulnerability (CVE-2025-14733) actively exploited, allowing remote code execution through out-of-bounds write in the iked process.
The flaw affects VPN configurations using IKEv2 with dynamic gateway peers, potentially leaving devices vulnerable even after configuration changes.
Active exploitation attempts have been traced to specific IP addresses, including one linked to recent Fortinet vulnerabilities, raising concerns about coordinated attack efforts.
WatchGuard has provided indicators of compromise (IoCs) to help device owners identify potential breaches and assess their exposure to the threat.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a related WatchGuard vulnerability to its Known Exploited Vulnerabilities catalog, emphasizing the urgency for patch application.
Administrators are advised to apply updates promptly and implement temporary mitigations, such as disabling dynamic peer BOVPNs and adjusting firewall policies, to protect against ongoing attacks.
The situation underscores the critical need for timely vulnerability management and proactive defense strategies in safeguarding network infrastructure.