CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2025-14733

CVSS 9.3v4.0pub. 2025-12-19upd. 2025-12-23

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
  • Watchguard Fireboxcloud

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M270

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M290

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M370

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M390

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M440

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M4600

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M470

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M4800

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M5600

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M570

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M5800

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M590

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M670

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox M690

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox Nv5

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T115 W

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T125

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T125 W

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T145

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T145 W

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T15

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T185

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T20

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T25

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T35

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T40

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T45

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T55

    HW
    Watchguard
    wszystkie wersje
  • Watchguard Firebox T70

    HW
    Watchguard
    wszystkie wersje

CISA KEV — detailsi

Vendori
WatchGuard
Producti
Firebox
Added to KEVi
December 19, 2025
Remediation deadline (US Federal)i
December 26, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

WatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 26 grudnia 2025
Tags
RCEAuth BypassMemoryVPN
CWE
References

Related vulnerabilities

CVE-2025-9242CRITICAL9.3⚠ KEVPL ✓ten sam produkt

RCE przez Out-of-bounds Write w WatchGuard Fireware OS (IKEv2 VPN)

CVE-2022-26318CRITICAL9.8⚠ KEVten sam produkt

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. T...

CVE-2022-31789CRITICAL9.8ten sam produkt

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trig...

CVE-2022-25361CRITICAL9.1ten sam produkt

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from ...

CVE-2022-23176HIGH8.8⚠ KEVten sam produkt

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the syst...