Connect with us

Hi, what are you looking for?

Technology

Critical RCE Vulnerability Exposes 115,000 WatchGuard Firewalls

Over 115,000 WatchGuard Firebox devices are vulnerable to a serious remote code execution (RCE) flaw that is currently being exploited in cyberattacks. This vulnerability, identified as CVE-2025-14733, affects Firebox firewalls running Fireware OS 11.x and later versions, including 11.12.4_Update1, as well as 12.x and 2025.1 up to and including 2025.1.3. Attackers can exploit this flaw to execute arbitrary code remotely without requiring user interaction, posing a significant risk to organizations worldwide.

WatchGuard Technologies issued an advisory on Thursday detailing the vulnerability and the security updates to mitigate it. They confirmed that unpatched Firebox firewalls are particularly susceptible to attacks if configured to use IKEv2 VPN. Even if these configurations are removed, devices may still be at risk if a Branch Office VPN (BOVPN) to a static gateway peer remains active. The National Vulnerability Database (NVD) reports that the vulnerability arises from an out-of-bounds write issue in the OS iked process, affecting both mobile user VPNs and branch office VPNs configured with dynamic gateway peers.

Shadowserver, an internet security watchdog, reported on Saturday that over 124,658 unpatched Firebox instances were exposed online, with 117,490 remaining vulnerable by Sunday. Following the release of patches from WatchGuard, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-14733 to its Known Exploited Vulnerabilities (KEV) Catalog. CISA has mandated that Federal Civilian Executive Branch agencies, including the Department of Energy and the Department of Homeland Security, must address the issue by December 26, 2025, in accordance with Binding Operational Directive 22-01.

“Vulnerabilities of this nature are common attack vectors for malicious cyber actors and represent substantial risks to federal enterprises,” CISA warned. The agency urged organizations to implement mitigations as instructed by vendors, adhere to applicable guidance for cloud services, or discontinue the use of vulnerable products if effective mitigations are unavailable.

This is not the first time WatchGuard has faced such challenges. In September, the company addressed a similar RCE vulnerability, CVE-2025-9242, which also affected Firebox firewalls. Following this, Shadowserver identified over 75,000 vulnerable devices, primarily in North America and Europe. CISA subsequently classified this security flaw as actively exploited and ordered federal agencies to secure their Firebox appliances.

In 2021, CISA had also mandated U.S. government agencies to patch another actively exploited flaw, CVE-2022-23176, affecting both Firebox and XTM firewall appliances. WatchGuard Technologies collaborates with over 17,000 security resellers and service providers, safeguarding the networks of more than 250,000 small and mid-sized companies globally.

With the escalating cyber threat landscape, organizations are urged to prioritize cybersecurity measures and ensure that their systems are updated to prevent exploitation of such vulnerabilities.

Trending

You May Also Like

Top Stories

UPDATE: NASA is inviting everyone on Earth to send their name to the Moon aboard the Artemis II mission, set to launch no later...

Science

The prophecies of the 16th-century French astrologer Nostradamus continue to captivate audiences as we approach 2026. His cryptic insights, compiled in his 1555 publication...

Top Stories

UPDATE: Authorities have charged 27-year-old Steven Tyler Whitehead with murder following a tragic shooting that critically injured Kimber Mills, a senior cheerleader at Cleveland...

Top Stories

UPDATE: In a stunning turn of events, 18-year-old influencer Piper Rockelle has shattered the previous OnlyFans earnings record set by fellow content creator Sophie...

Top Stories

UPDATE: Pop superstar Ariana Grande is on the road to recovery after testing positive for COVID-19. Her brother, Frankie Grande, shared the encouraging news...

Sports

The UFC event in Abu Dhabi on July 26, 2025, featured a record-breaking performance from Steven Nguyen, who achieved an unprecedented feat by knocking...

Top Stories

URGENT UPDATE: Affordable motorcycle helmets under ₹1000 are now available for safety-conscious riders across India. With road safety becoming a pressing issue, these helmets...

Entertainment

**Kat Izzo Defends Relationship with Dale Moss Amid Controversy** Kat Izzo, a contestant from the reality series *Bachelor in Paradise*, publicly affirmed her relationship...

Entertainment

The upcoming Netflix series, Bon Appétit, Your Majesty, is making headlines due to a significant casting change just ten days before filming commenced. Originally...

Top Stories

UPDATE: Sydney Sweeney’s Baskin-Robbins advertisement is making waves online as backlash intensifies over her recent American Eagle campaign. Just days after critics condemned the...

Top Stories

UPDATE: Chicago Cubs designated hitter Kyle Tucker may have just played his last game for the team as free agency approaches. Following the Cubs’...

Lifestyle

Shares of **Amerant Bancorp** (NYSE:AMTB) received an upgrade from Wall Street Zen on March 10, 2024, transitioning from a hold rating to a buy...

Copyright © All rights reserved. This website provides general news and educational content for informational purposes only. While we strive for accuracy, we do not guarantee the completeness or reliability of the information presented. The content should not be considered professional advice of any kind. Readers are encouraged to verify facts and consult appropriate experts when needed. We are not responsible for any loss or inconvenience resulting from the use of information on this site.