
WatchGuard has issued security updates to address a remote code execution vulnerability affecting the company's Firebox firewalls.
Tracked as CVE-2025-9242, this critical security flaw is caused by an out-of-bounds write weakness that may allow attackers to execute malicious code remotely on vulnerable devices after successful exploitation.
CVE-2025-9242 affects firewalls running Fireware OS (end of life), 12.x, and 2025.1, and was fixed in versions 12.3.1_update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1.
While Firebox firewalls are only vulnerable to attacks if they are configured to use IKEv2 VPN, WatchGuard said they may still be at risk of compromise, even if the vulnerable configurations have been removed, if a branch office VPN to a static gateway peer is still configured.
“An out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer,” the company said in a Wednesday advisory.
“If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been removed, that Firebox may still be vulnerable if a branch office VPN is still configured.”

| Product branch | Vulnerable firewalls |
|---|---|
| Fireware OS 12.5.x | T15, T35 |
| Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M4440, M4600, M5600 |
| Fireware OS 2025.1.x | T115-W, T125, T125-W, T145, T145-W, T185 |

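
The version and configuration conditions above can be checked across a device inventory. The following Python is an added example, not code from WatchGuard or from this article; the config keys, hostnames and prefix-based branch matching are assumptions, and devices on the 12.3.1 build are sent for a manual build check.

```python
import re

# Fixed releases named in the article, keyed by version prefix (longest first).
# Assumptions: prefix matching stands in for the article's product branches,
# and the build-level fix 12.3.1_update3 (B722811) needs a manual build check.
FIXED = [((2025, 1), (2025, 1, 1)), ((12, 5), (12, 5, 13)), ((12,), (12, 11, 4))]

def parse_version(text):
    """'12.11.3' -> (12, 11, 3); an update tag after '_' is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("_")[0]))

def is_patched(version):
    """True or False for modeled branches, None when the build must be checked."""
    v = parse_version(version)
    if v[:3] == (12, 3, 1):
        return None
    for prefix, fixed in FIXED:
        if v[:len(prefix)] == prefix:
            return v >= fixed
    return False  # end-of-life or unknown branch: no fixed release to compare

def ikev2_exposed(cfg):
    """Exposure condition as described in the advisory text above."""
    current = cfg.get("muvpn_ikev2", False) or cfg.get("bovpn_dynamic_peer", False)
    # Residual case: dynamic-peer IKEv2 configs were removed, but a BOVPN to a
    # static gateway peer is still configured.
    residual = cfg.get("had_dynamic_peer", False) and cfg.get("bovpn_static_peer", False)
    return bool(current or residual)

def triage(version, cfg):
    patched = is_patched(version)
    if patched is None:
        return "check-build"
    if patched:
        return "ok"
    return "patch-now" if ikev2_exposed(cfg) else "patch-scheduled"

# Constructed inventory; hostnames and config keys are hypothetical.
INVENTORY = {
    "fw-branch-01": ("12.11.3", {"bovpn_dynamic_peer": True}),
    "fw-branch-02": ("12.11.3", {"had_dynamic_peer": True, "bovpn_static_peer": True}),
    "fw-lab-01": ("12.5.12", {}),
    "fw-hq-01": ("2025.1.1", {"muvpn_ikev2": True}),
}

if __name__ == "__main__":
    for host, (version, cfg) in INVENTORY.items():
        print(f"{host:14} {version:10} {triage(version, cfg)}")
```
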
WatchGuard also offers a temporary workaround for administrators who cannot immediately patch devices running vulnerable software configured with Branch Office VPN (BOVPN) tunnels.
This requires them to disable dynamic peers, add new firewall policies, and disable the default system policies that handle VPN traffic, as outlined in this support document, which provides detailed instructions on how to secure access to BOVPNs that use IPSec and IKEv2.
While this critical vulnerability has not yet been exploited in the wild, admins are still advised to patch their WatchGuard Firebox devices, as threat actors consider firewalls an attractive target. For example, the Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity vulnerability, to compromise SonicWall firewalls.
Two years ago, in April 2022, the Cybersecurity and Infrastructure Security Agency (CISA) also ordered federal civilian agencies to patch an actively exploited bug affecting WatchGuard Firebox and XTM firewall devices.
WatchGuard collaborates with more than 17,000 security resellers and service providers to protect the networks of more than 250,000 small and medium-sized companies worldwide.


