WatchGuard on Sept. 17 issued fixes to an out-of-bounds write vulnerability for the Fireware OS built into its Firebox firewalls that could lead to an unauthenticated remote code execution (RCE).In its advisory, WatchGuard said the 9.3 flaw — CVE-2025-9242 — affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to an including 12.11.3, and 2025.1.“A CVSS 9.3 score for a vulnerability in a perimeter defense appliance like a firewall is the cyber equivalent of a five-alarm fire,” said Frankie Sclafani, director of cybersecurity enablement at Deepwatch. “CVE-2025-9242 is a critical flaw allowing unauthenticated remote code execution on the very device meant to protect the network. For any organization, compromising the firewall is the ultimate tactical win for an attacker, offering a perfect beachhead to pivot deeper into the corporate network.”Sclafani said organizations must understand that this out-of-bounds write flaw in the Fireware OS process is a direct path from the internet to the core of their security infrastructure. Sclafani said while the initial trigger is an IKEv2 VPN configuration, the most urgent detail is the risk WatchGuard warned about: even if the easily identifiable dynamic IKEv2 VPN configurations are deleted, the device may still be vulnerable if a branch office VPN to a static gateway peer remains active.“This subtlety means that relying solely on disabling the service may not be enough,” said Sclafani. “Teams need to patch immediately to one of the fixed versions.”MacKenzie Brown, vice president of the advisory pursuit group at Blackpoint Cyber, said the CVE-2025-9242 vulnerability in WatchGuard Fireware OS is especially concerning because it impacts VPN functionality, which is a critical pathway for secure remote access.“Exploitation could allow a threat actor to send crafted network traffic to the affected iked service to trigger memory corruption and execute code on the device without prior authentication,” said Brown. “Successful exploitation can give a threat actor full control of the appliance allowing persistence, traffic interception, lateral movement, and the ability to use the device as a pivot point for wider compromise.”Damon Small, a board member at Xcape Inc., added that this flaw presents a serious risk, as it could let remote attackers gain unauthorized access and potentially control the systems. Small said any vulnerability in these firewall devices can lead to widespread exploitation, especially since attackers often quickly weaponize publicly known firewall weaknesses.“This also presents a good opportunity for companies to examine their internal network configuration for proper security segmentation in case of a potential perimeter compromise,” said Small. “Robust event alerting and rapid response can address network traffic anomalies in a timely fashion.”
Network Security, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Application security
WatchGuard patches 9.3 flaw in Firebox firewalls
(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds