
WatchGuard warns users Firebox firewalls may have a critical issue – here’s what we know

By Sead Fadilpašić

Copyright techradar

19 September 2025

A critical flaw was found in a popular WatchGuard firewall

WatchGuard patched a critical VPN vulnerability allowing remote code execution on Firebox firewalls
CVE-2025-9242 affects dynamic gateway peer configurations, even after removal in some cases
No exploitation seen yet, but delayed patching leaves systems exposed to future targeted attacks

WatchGuard has fixed a critical-severity vulnerability affecting its Firebox firewalls and is urging users to apply the newly released patch without hesitation.

In a security advisory, the company said it addressed an out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process, which “may allow a remote unauthenticated attacker to execute arbitrary code”.
The vulnerability was said to affect both the mobile user VPN with IKEv2, and the branch office VPN using IKEv2, when configured with a dynamic gateway peer. Furthermore, if the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both configurations were subsequently removed, the Firebox may still be vulnerable “if a branch office VPN to a static gateway peer is still configured”.

The vulnerability is now tracked as CVE-2025-9242, and was given a severity score of 9.2/10 (critical). It affects firewalls running Fireware OS 11.x (end of life), 12.x, and 2025.1. The first clean versions are 12.3.1_Update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1.
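The version list and the IKEv2 configuration conditions above can be combined into an inventory check. The following Python is an added example, not code from WatchGuard or from this article; pairing each fixed release with its own release branch, the status labels, and the inventory entries are assumptions constructed for illustration.

```python
import re

# First fixed releases as listed in the article. Pairing each with its own
# release branch is an assumption of this example, not stated on the page.
FIXED = {
    (12, 3, 1): (12, 3, 1, 3),   # 12.3.1_Update3 (4th field = update number)
    (12, 5): (12, 5, 13, 0),     # 12.5.13
    (12,): (12, 11, 4, 0),       # 12.11.4 (every other 12.x build)
    (2025, 1): (2025, 1, 1, 0),  # 2025.1.1
}
VERSION_RE = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(?:_Update(\d+))?(?:\s*\(B\d+\))?")

def parse_version(text):
    """'12.3.1_Update3 (B722811)' -> (12, 3, 1, 3); '12.11.4' -> (12, 11, 4, 0)."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_status(text):
    v = parse_version(text)
    if v[0] == 11:
        return "vulnerable"      # end of life, no fixed release listed
    for branch, fixed in FIXED.items():  # most specific branch comes first
        if v[:len(branch)] == branch:
            return "patched" if v >= fixed else "vulnerable"
    return "not-listed"          # outside 11.x, 12.x and 2025.1

def triage(version, dynamic_now, dynamic_before, static_bovpn):
    """Combine build status with the IKEv2 exposure conditions quoted above."""
    status = version_status(version)
    if status != "vulnerable":
        return status
    if dynamic_now:              # IKEv2 mobile VPN or dynamic-peer BOVPN in use
        return "exposed"
    if dynamic_before and static_bovpn:
        return "exposed-residual"  # removed config, static-peer BOVPN remains
    return "unpatched-no-ikev2-config"

# Constructed inventory: (name, version, dynamic_now, dynamic_before, static_bovpn)
INVENTORY = [
    ("fw-hq", "12.11.3", True, False, True),
    ("fw-branch", "12.5.12_Update1", False, True, True),
    ("fw-lab", "12.3.1_Update3 (B722811)", True, False, False),
    ("fw-old", "11.12.4", False, False, False),
    ("fw-new", "2025.1.1", True, False, True),
]

def report(inventory=INVENTORY):
    return {name: triage(*rest) for name, *rest in inventory}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:10} {result}")
```

Devices reported as `exposed-residual` are the case the advisory singles out: the dynamic-peer configuration has been removed, but a static-peer branch office VPN is still present.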

Those who are unable to apply the fix immediately can deploy a workaround that includes disabling dynamic peer BOVPNs, adding new firewall policies, and disabling the default system policies that handle VPN traffic.
So far, there has been no evidence of abuse in the wild.
However, many criminals only start hunting for vulnerabilities after a patch is released, knowing that organizations rarely patch on time and often keep their systems exposed for longer periods of time.

For example, in early 2025, threat actors exploited a Fortinet FortiGate vulnerability, tracked as CVE-2022-42475, more than a year after its disclosure.
Despite available patches, many devices remained exposed, while attackers used symbolic links to maintain stealthy access and extract credentials and configuration data.
Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TechRadar is part of Future US Inc, an international media group and leading digital publisher.