CISA Warns WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has released a warning about a serious vulnerability affecting WatchGuard Firebox security appliances.

This flaw, tracked as CVE-2025-9242, potentially allows remote attackers to take control of affected systems.

The security issue is an out-of-bounds write in the iked process of the device’s operating system.

This means a remote, unauthenticated attacker could exploit the vulnerability to execute arbitrary code on the device without having to log in.

| CVE ID | Vulnerability Type | Attack Vector | CWE | Impact |
|---|---|---|---|---|
| CVE-2025-9242 | Out-of-Bounds Write in OS iked Process | Remote, Unauthenticated | CWE-787 | Potential Arbitrary Code Execution |

Attackers could then use compromised devices to spread malware, steal sensitive data, or compromise organizational networks.

According to CISA, it is unknown whether this vulnerability has been exploited in ransomware attacks to date. However, its critical nature means cybercriminals could target it at any time.

CISA strongly urges organizations using WatchGuard Firebox appliances to follow vendor mitigation instructions immediately.

If mitigations are unavailable or cannot be applied, organizations should consider discontinuing use of the impacted devices.

CISA recommends following the BOD 22-01 guidance for cloud services to minimize risk. With active exploitation detected, WatchGuard Firebox users should act immediately to defend against potential cyber threats.

Timely patching and strict adherence to vendor recommendations are vital to protect networks from attacks stemming from CVE-2025-9242.
