Cybersecurity

Watchguard Warns Of Active Exploitation Of Critical Fireware Os Vpn...

2025-12-19 0 views admin
Watchguard Warns Of Active Exploitation Of Critical Fireware Os Vpn...

WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks.

Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code.

"This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer," the company said in a Thursday advisory.

"If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured."

The vulnerability impacts the following versions of Fireware OS -

WatchGuard acknowledged that it has observed threat actors actively attempting to exploit this vulnerability in the wild, with the attacks originating from the following IP addresses -

Interestingly, the IP address "199.247.7[.]82" was also flagged by Arctic Wolf earlier this week as linked to the exploitation of two recently disclosed security vulnerabilities in Fortinet FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8).

The Seattle-based company has also shared multiple indicators of compromise (IoCs) that device owners can use to determine if their own instances have been infected -

The disclosure comes a little over a month after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added another critical WatchGuard Fireware OS flaw (CVE-2025-9242, CVSS score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation.

It's currently not known if these two sets of attacks are related. Users are advised to apply the updates as soon as possible to secure against the threat.

Source: The Hacker News

🏷️ Tags

cybersecuritysecurityvulnerabilitycveattack

More from Cybersecurity

Cisco Vpns, Email Services Hit In Separate Threat Campaigns 2025

Cisco Vpns, Email Services Hit In Separate Threat Campaigns 2025

2025-12-19 0
Microsoft Confirms Teams Is Down And Messages Are Delayed 2025

Microsoft Confirms Teams Is Down And Messages Are Delayed 2025

2025-12-19 0
Nigeria Arrests Dev Of Microsoft 365 'raccoon0365' Phishing Platform

Nigeria Arrests Dev Of Microsoft 365 'raccoon0365' Phishing Platform

2025-12-19 0
Russia-linked Hackers Use Microsoft 365 Device Code Phishing For...

Russia-linked Hackers Use Microsoft 365 Device Code Phishing For...

2025-12-19 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views