
WatchGuard Responds: Critical Zero-Day Vulnerability Patching to Prevent Firewall Takeover

WatchGuard has issued a critical patch for its Firebox firewall appliances to address a severe vulnerability that is currently being exploited. Tracked as CVE-2025-14733, the flaw has a CVSS score of 9.3 and is an out-of-bounds write in the iked process, which handles the IKEv2 key exchange for IPsec VPNs.

This vulnerability poses a significant risk: it could allow an unauthenticated remote attacker to execute arbitrary code and take control of an affected appliance. WatchGuard made the patch available on December 18 and indicated that the vulnerability had already been exploited in the wild before the patch was released.

Administrators are advised to check their Firebox appliances for signs of compromise immediately. WatchGuard's advisory recommends monitoring for outbound connections to the IP addresses it associates with known exploitation attempts. Unusual network traffic, such as IKE_AUTH request messages with abnormally large payloads, may also indicate an attempt to exploit the flaw.
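To make the traffic-based indicator concrete, the following is an added Python example (not WatchGuard's tooling and not code from the original article) that parses the fixed IKEv2 header from UDP/500 or UDP/4500 datagrams and flags IKE_AUTH requests whose declared or on-the-wire size exceeds a threshold. The header layout and constants follow RFC 7296 and RFC 3948; the 4096-byte threshold, the sample messages and the function names are assumptions made for the illustration.

```python
"""Flag oversized IKEv2 IKE_AUTH requests seen on UDP/500 or UDP/4500.

Added illustration, not WatchGuard's tooling. The IKEv2 header layout follows
RFC 7296; the size threshold below is an assumption for demonstration only.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IKE_HEADER_LEN = 28                         # fixed IKEv2 header size (RFC 7296 s3.1)
NAT_T_NON_ESP_MARKER = b"\x00\x00\x00\x00"  # prefix of IKE on UDP/4500 (RFC 3948)
EXCHANGE_IKE_SA_INIT = 34
EXCHANGE_IKE_AUTH = 35
FLAG_INITIATOR = 0x08                       # message sent by the IKE SA initiator
FLAG_RESPONSE = 0x20                        # message is a response, not a request
PAYLOAD_ENCRYPTED = 46                      # next-payload id of the SK payload
# Assumed threshold: a benign IKE_AUTH carrying certificates is usually a few KB.
IKE_AUTH_REQUEST_MAX_LEN = 4096


@dataclass
class IkeHeader:
    spi_i: int
    spi_r: int
    next_payload: int
    major: int
    minor: int
    exchange_type: int
    flags: int
    message_id: int
    length: int       # total message length as declared by the sender

    @property
    def is_request(self) -> bool:
        return bool(self.flags & FLAG_INITIATOR) and not (self.flags & FLAG_RESPONSE)


def parse_ike_header(datagram: bytes, nat_t: bool = False) -> Optional[IkeHeader]:
    """Parse the fixed header; return None for non-IKE or truncated data."""
    data = datagram
    if nat_t:
        # On UDP/4500, IKE is distinguished from ESP-in-UDP by a zero marker.
        if not data.startswith(NAT_T_NON_ESP_MARKER):
            return None
        data = data[len(NAT_T_NON_ESP_MARKER):]
    if len(data) < IKE_HEADER_LEN:
        return None
    spi_i, spi_r, nxt, version, exch, flags, msg_id, length = struct.unpack(
        "!QQBBBBII", data[:IKE_HEADER_LEN])
    return IkeHeader(spi_i, spi_r, nxt, version >> 4, version & 0x0F,
                     exch, flags, msg_id, length)


def flag_oversized_ike_auth(datagram: bytes, nat_t: bool = False,
                            max_len: int = IKE_AUTH_REQUEST_MAX_LEN) -> Optional[Dict]:
    """Return an alert dict for an IKEv2 IKE_AUTH *request* larger than max_len."""
    hdr = parse_ike_header(datagram, nat_t)
    if hdr is None or hdr.major != 2:
        return None                       # not IKEv2 (IKEv1 uses major version 1)
    if hdr.exchange_type != EXCHANGE_IKE_AUTH or not hdr.is_request:
        return None                       # only initiator-side IKE_AUTH is of interest
    wire_len = len(datagram) - (len(NAT_T_NON_ESP_MARKER) if nat_t else 0)
    observed = max(hdr.length, wire_len)  # trust neither the header nor the wire alone
    if observed <= max_len:
        return None
    return {
        "spi_i": f"{hdr.spi_i:016x}",
        "declared_len": hdr.length,
        "wire_len": wire_len,
        "reason": f"IKE_AUTH request of {observed} bytes exceeds {max_len}",
    }


def build_ike_message(exchange_type: int, flags: int, total_len: int,
                      spi_i: int = 0x1122334455667788) -> bytes:
    """Constructed sample: a header plus zero-filled filler (no real payloads)."""
    header = struct.pack("!QQBBBBII", spi_i, 0, PAYLOAD_ENCRYPTED, 0x20,
                         exchange_type, flags, 1, total_len)
    return header + b"\x00" * (total_len - IKE_HEADER_LEN)


def scan(samples: List[Tuple[bytes, bool]]) -> List[Dict]:
    """Run the heuristic over (datagram, nat_t) pairs; return alerts only."""
    alerts = []
    for datagram, nat_t in samples:
        alert = flag_oversized_ike_auth(datagram, nat_t)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    # Constructed traffic: an ordinary IKE_AUTH request, a large IKE_SA_INIT
    # (wrong exchange), a large IKE_AUTH *response*, and two oversized requests.
    samples = [
        (build_ike_message(EXCHANGE_IKE_AUTH, FLAG_INITIATOR, 900), False),
        (build_ike_message(EXCHANGE_IKE_SA_INIT, FLAG_INITIATOR, 6000), False),
        (build_ike_message(EXCHANGE_IKE_AUTH, FLAG_INITIATOR | FLAG_RESPONSE, 6000), False),
        (build_ike_message(EXCHANGE_IKE_AUTH, FLAG_INITIATOR, 9000), False),
        (NAT_T_NON_ESP_MARKER + build_ike_message(EXCHANGE_IKE_AUTH, FLAG_INITIATOR, 9000), True),
    ]
    for alert in scan(samples):
        print(alert["reason"], "spi_i =", alert["spi_i"])
```

The heuristic keys on the fixed header only, so it works on encrypted IKE_AUTH traffic without any key material. Two caveats for production use: peers that negotiate IKEv2 fragmentation (RFC 7383) split a large IKE_AUTH into several smaller SK Fragment messages, so a fuller detector would sum fragment sizes per message ID rather than judge each datagram alone, and the threshold should be calibrated against the certificate sizes actually used by your mobile VPN clients to avoid false positives.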

The affected Fireware OS versions are 2025.1 through 2025.1.3, 12.0 through 12.11.5, and the legacy 11.10.2 through 11.12.4_Update1. Fixed releases include 2025.1.4, 12.11.6, and 12.3.1_Update4, among others. Notably, there is no fix for the 11.x branch, which is now considered end of life.

In addition to applying the patch, WatchGuard has warned that if a Firebox is configured with mobile user VPNs using IKEv2, or retains any configuration that could be vulnerable, further security measures are needed, including rotating any locally stored secrets.

This incident follows a similar vulnerability that WatchGuard addressed in September (CVE-2025-9242), which also received a CVSS score of 9.3 and involved the same iked process. Although no active exploitation had been reported when it was first assessed, by October evidence emerged that exploitation attempts were already under way.

Firewalls and VPN gateways have long been prime targets for cybercriminals, and vulnerabilities like these underscore the importance of timely patching. Unfortunately, the data indicates that some WatchGuard users have been slow to apply previous patches, with a significant number of appliances remaining vulnerable even after critical advisories. That makes following WatchGuard's security guidance, including its warnings about the ongoing threat from advanced persistent threat groups, more important than ever.
