Out-of-bounds Write Vulnerability in WatchGuard Fireware OS for VPN Solutions
CVE-2025-9242
Key Information:
- Vendor: WatchGuard
- CVE Published: 17 September 2025
What is CVE-2025-9242?
CVE-2025-9242 is an out-of-bounds write vulnerability in WatchGuard Fireware OS that specifically impacts its VPN solutions. Fireware OS is integral to secure internet communications in various organizational environments, including the Mobile User VPN and the Branch Office VPN that use the IKEv2 protocol. The vulnerability allows a remote unauthenticated attacker to potentially execute arbitrary code on affected systems, weakening security defenses and exposing sensitive organizational data. The impacted versions are Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1. Exploitation could disrupt network security and operational integrity, with serious repercussions for organizations that rely on these VPNs.
Potential impact of CVE-2025-9242
- Remote Code Execution: The vulnerability permits attackers to execute arbitrary code, which could lead to unauthorized access and control of the affected systems. This may enable the attacker to manipulate or steal sensitive information, jeopardizing organizational security.
- Compromise of Network Security: Exploiting this vulnerability can allow malicious actors to breach VPN defenses, undermining secure communications. This could result in the interception and manipulation of data traversing through the VPN, leading to data breaches and loss of confidentiality.
- Operational Disruption: Successful exploitation may lead to system instability or complete service outages, disrupting business operations. This can result in significant downtime and associated financial losses, as well as damage to an organization's reputation.
CISA has reported CVE-2025-9242
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-9242 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Fireware OS 12.0 <= 12.11.3
Fireware OS 11.10.2 <= 11.12.4+541730
Fireware OS 2025.1 < 2025.1.1
News Articles
CISA warns of WatchGuard firewall flaw exploited in attacks
CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices.
21 hours ago
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
CISA warns 54K+ WatchGuard firewalls risk remote exploits via CVE-2025-9242; patches due by Dec 3.
1 day ago
Over 71,000 WatchGuard Devices Exposed to Remote Code Execution Vulnerabilities
According to new data published, security researchers at Shadowserver observed over 71,000 WatchGuard devices part of a global exposure.
3 weeks ago
EPSS Score
60% chance of being exploited in the next 30 days.
Timeline
- Vulnerability started trending
- CISA Reported
- Exploit known to exist
- First article discovered by watchTowr Labs
- Vulnerability published
- Vulnerability Reserved
