WatchGuard has released security updates to fix a high-risk vulnerability in its Firebox firewalls. This issue, CVE-2025-9242, could allow a remote attacker to take control of a device. The company is urging all users to update their systems immediately to avoid potential attacks.
What Is the Problem?
This vulnerability is what’s known as an ‘out-of-bounds write’ weakness. Think of a computer’s memory as a series of boxes. An out-of-bounds write happens when a program tries to put data into a box it’s not supposed to, which can mess up the system.
In Firebox’s case, it could let a hacker run their own malicious code on the firewall without needing to be an authenticated user. This type of flaw is very serious because firewalls are meant to protect networks from outside threats. That’s why the issue has been given a high-risk score of 9.3 out of 10.
The problem affects a wide range of devices. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3, and 2025.1. While the vulnerability is only present if a user had previously set up a certain type of VPN (Virtual Private Network) called IKEv2, WatchGuard says that even if those settings were deleted, the system could still be at risk.
As WatchGuard stated in its advisory, “An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code.”
The affected products include the Firebox T15 and T35 models running Fireware OS 12.5.x, as well as numerous other models in the T, M, and Firebox Cloud series that run Fireware OS 12.x and 2025.1.x.
What to Do Now
Although there have been no known attacks using this weakness, the risk is real. Attackers often target firewalls because they are a key entry point to a network.
WatchGuard has already released fixes for this problem in several software updates, including versions 12.3.1_Update3, 12.5.13, 12.11.4, and 2025.1.1. If you own a WatchGuard Firebox, you should check your system’s software version and install the latest update immediately. For users who can’t update right away, WatchGuard recommends a temporary fix by limiting how traffic can get to the VPN.
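For checking a fleet against the version ranges above, here is an added example (not WatchGuard's or the article's code) that classifies Fireware OS version strings from an inventory. It assumes each fixed build patches only its own branch, matched by version prefix, and the hostnames and sample inventory are constructed. It judges by version alone because, as noted above, a device can remain at risk after its IKEv2 settings are deleted.

```python
import re

# Affected ranges (inclusive) and fixed builds, as listed in the article.
AFFECTED = [("11.10.2", "11.12.4_Update1"), ("12.0", "12.11.3"), ("2025.1", "2025.1")]
# Assumption: each fixed build patches only its own branch (version prefix).
BRANCH_FIXES = [("12.3.1", "12.3.1_Update3"), ("12.5", "12.5.13"),
                ("12", "12.11.4"), ("2025.1", "2025.1.1")]

def parse(version):
    """'11.12.4_Update1' -> ((11, 12, 4, 0), 1), a tuple that sorts correctly."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_Update(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version: {version!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))          # pad so 12.0 compares equal to 12.0.0
    return tuple(nums), int(m.group(2) or 0)

def classify(version):
    """Return 'patched', 'affected' or 'not-listed' for one version string."""
    key = parse(version)
    for prefix, fix in BRANCH_FIXES:
        branch = tuple(int(n) for n in prefix.split("."))
        # A branch fix applies only to versions on that branch, at or above it.
        if key[0][:len(branch)] == branch and key >= parse(fix):
            return "patched"
    if any(parse(lo) <= key <= parse(hi) for lo, hi in AFFECTED):
        return "affected"
    return "not-listed"

def triage(inventory):
    """inventory: {hostname: version}. Returns hosts that still need the update."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")

# Constructed sample inventory (hostnames and version assignments are made up).
SAMPLE = {"fw-hq": "12.11.3", "fw-branch1": "12.5.13", "fw-branch2": "12.5.9",
          "fw-lab": "2025.1", "fw-dr": "12.11.4", "fw-old": "11.12.4_Update1",
          "fw-fips": "12.3.1_Update3"}

if __name__ == "__main__":
    for host, ver in SAMPLE.items():
        print(f"{host:12} {ver:18} {classify(ver)}")
    print("needs update:", triage(SAMPLE))
```

Versions reported as `not-listed` fall outside both the affected ranges and the fixed builds named above, so they need checking against the vendor advisory directly.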
The company recognised a researcher named “btaol” for finding and reporting this issue.
Expert Commentary
Several cybersecurity experts weighed in on the seriousness of the issue and shared their thoughts with Hackread.com.
David Matalon, CEO at Venn, called the flaw a “reminder of just how much trust organisations place in perimeter defences.” He added that a layered approach is “crucial to limiting the blast radius when vulnerabilities inevitably emerge.”
Mayuresh Dani, Security Research Manager at Qualys Threat Research Unit, highlighted the vulnerability’s persistence, noting that “even when susceptible VPN configurations have been deleted, programs stay in danger.”
He also pointed out that, according to threat reports, many exploited vulnerabilities in 2025 affected “edge security and gateway products” because they offer an easy way for attackers to get into an organisation.
Frankie Sclafani, Director of Cybersecurity Enablement at Deepwatch, described the CVSS 9.3 score as “the cyber equivalent of a five-alarm fire.” He stressed that for an attacker, “compromising the firewall is the ultimate tactical win,” because it offers an ideal entry point into a network.