Out-of-bounds Write Vulnerability in WatchGuard Fireware OS for VPN Solutions
CVE-2025-9242

9.3 CRITICAL

Key Information:

Vendor: WatchGuard

CVE Published: 17 September 2025

Badges: 📈 Score: 1,070 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-9242?

CVE-2025-9242 is an out-of-bounds write vulnerability in WatchGuard Fireware OS that affects its VPN features, including the Mobile User VPN and the Branch Office VPN that use the IKEv2 protocol. Fireware OS underpins secure internet communications in many organizational environments. The vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on affected systems, weakening security defenses and exposing sensitive organizational data. Affected versions are Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1. Exploitation could disrupt network security and operational integrity, with serious repercussions for organizations that rely on these VPNs.

Potential impact of CVE-2025-9242

  1. Remote Code Execution: The vulnerability permits attackers to execute arbitrary code, which could lead to unauthorized access and control of the affected systems. This may enable the attacker to manipulate or steal sensitive information, jeopardizing organizational security.

  2. Compromise of Network Security: Exploiting this vulnerability can allow malicious actors to breach VPN defenses, undermining secure communications. This could result in the interception and manipulation of data traversing through the VPN, leading to data breaches and loss of confidentiality.

  3. Operational Disruption: Successful exploitation may lead to system instability or complete service outages, disrupting business operations. This can result in significant downtime and associated financial losses, as well as damage to an organization's reputation.

Affected Version(s)

Fireware OS 12.0 <= 12.11.3

Fireware OS 11.10.2 <= 11.12.4+541730

Fireware OS 2025.1 < 2025.1.1

News Articles

Over 71,000 WatchGuard Devices Exposed to Remote Code Execution Vulnerabilities

According to new data published, security researchers at Shadowserver observed over 71,000 WatchGuard devices part of a global exposure.

3 days ago

Over 71,000 WatchGuard Devices Exposed to Remote Code Execution Attacks

Security researchers at Shadowserver observed over 71,000 WatchGuard devices part of a global exposure that could allow remote code execution attacks.

3 days ago

71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks

The Shadowserver Foundation has uncovered more than 71,000 internet-exposed WatchGuard devices running vulnerable versions of Fireware OS.

3 days ago

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by watchTowr Labs

  • Vulnerability published

  • Vulnerability Reserved

Credit

btaol