WatchGuard has issued an urgent warning regarding a critical zero-day vulnerability in its Firebox firewall appliances that is currently being exploited in the wild.
The flaw, tracked as CVE-2025-14733, allows remote attackers to seize control of affected devices without needing any authentication.
Technical Details and Impact
The vulnerability is an Out-of-Bounds Write flaw located in the iked process, which handles IKEv2 VPN negotiations. It specifically impacts Firebox appliances configured for:
- Mobile user VPNs using IKEv2.
- Branch office VPNs using IKEv2 with a dynamic gateway peer.
This security gap allows an attacker to send a specially crafted request to the firewall, triggering a memory corruption error.
| Feature | Details |
|---|---|
| CVE ID | CVE-2025-14733 |
| Vulnerability Type | Out-of-bounds Write (iked process) |
| Impact | Critical (Remote Code Execution) |
| CVSS Score | 9.3 (Critical) |
Successful exploitation grants the attacker arbitrary code execution, meaning they can run malicious commands, install malware, or take full administrative control of the device.
WatchGuard has confirmed that threat actors are actively attempting to exploit this flaw. Even if a vulnerable VPN configuration was previously deleted, the device may still be at risk if a static branch office VPN remains configured.
Administrators should immediately check their logs for signs of compromise. The iked process crashing or hanging is a strong indicator of an attack.
Additionally, specific log messages related to “Invalid peer certificate chain” or “Abnormally large IKE_AUTH request CERT payload” (greater than 2000 bytes) are key warning signs.
Known malicious activity has been traced to the following IP addresses:
- 45.95.19[.]50
- 51.15.17[.]89
- 172.93.107[.]67
- 199.247.7[.]82
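The log messages and addresses above can be checked mechanically during triage. The following is an added example, not WatchGuard tooling or code from the original article: it scans log lines for the two quoted messages and the listed IPs. The `CERT(sz=N)` size field and the sample log lines are assumptions constructed for illustration, so adapt the patterns to your own log format.

```python
import re

# Indicators taken from the article; IPs are stored defanged and refanged at load.
KNOWN_IPS = {ip.replace("[.]", ".") for ip in (
    "45.95.19[.]50", "51.15.17[.]89", "172.93.107[.]67", "199.247.7[.]82")}
CERT_LIMIT = 2000  # bytes; larger IKE_AUTH CERT payloads are a warning sign

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# ASSUMPTION: payload size is logged as "CERT(sz=N)"; adjust to your log format.
CERT_SIZE = re.compile(r"CERT\(sz=(\d+)\)")


def triage(lines):
    """Return (line_number, reason) for every indicator found in the log lines."""
    findings = []
    for n, line in enumerate(lines, start=1):
        if "invalid peer certificate chain" in line.lower():
            findings.append((n, "invalid peer certificate chain"))
        if "IKE_AUTH" in line:
            for size in CERT_SIZE.findall(line):
                if int(size) > CERT_LIMIT:
                    findings.append((n, f"IKE_AUTH CERT payload {size} bytes"))
        # Whole-address match only, so 45.95.19.505 does not hit 45.95.19.50.
        for ip in IPV4.findall(line):
            if ip in KNOWN_IPS:
                findings.append((n, f"known malicious IP {ip}"))
    return findings


# Constructed sample lines (not real Firebox output).
SAMPLE = [
    "2025-12-19 10:01:02 iked IKE_AUTH request from 203.0.113.7 CERT(sz=1420)",
    "2025-12-19 10:03:11 iked IKE_AUTH request from 45.95.19.50 CERT(sz=3012)",
    "2025-12-19 10:03:11 iked Invalid peer certificate chain from 45.95.19.50",
    "2025-12-19 10:05:40 firewall deny 199.247.7.82 -> 198.51.100.4 udp/500",
    "2025-12-19 10:06:00 firewall deny 45.95.19.505 -> 198.51.100.4 udp/500",
]

if __name__ == "__main__":
    for n, reason in triage(SAMPLE):
        print(f"line {n}: {reason}")
```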
WatchGuard has released software updates to fix this issue. Administrators must upgrade to Fireware OS 2025.1.4, 12.11.6, or 12.5.15 immediately.
If the device was potentially compromised, it is critical to rotate all locally stored secrets after patching.
