Latest WatchGuard Firebox vulnerability #
WatchGuard has disclosed that certain versions of its Fireware OS are affected by an out-of-bounds write vulnerability in IKED, the Internet Key Exchange (IKE) daemon that facilitates the establishment of IPsec VPN tunnels. This vulnerability may allow a remote, unauthenticated adversary to execute arbitrary code on the system. The vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN (BOVPN) with IKEv2 when configured with a dynamic gateway peer. A Firebox that was previously configured with either a mobile user VPN with IKEv2 or a BOVPN with IKEv2 to a dynamic gateway peer may still be vulnerable, even if those configurations have since been deleted, if it is still configured with a BOVPN to a static gateway peer. This vulnerability has been designated CVE-2025-9242 and has been rated critical with a CVSS score of 9.3.
The following models are affected:
- Firebox models with Fireware OS 12.5.x: T15, and T35
- Firebox models with Fireware OS 12.x: T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, and FireboxV
- Firebox models with Fireware OS 2025.1.x: T115-W, T125, T125-W, T145, T145-W, and T185
The following versions are affected:
- Fireware OS version 11.10.2 through 11.12.4_Update1
- Fireware OS version 12.0 through 12.11.3
- Fireware OS version 2025.1
What is the impact? #
Successful exploitation of this vulnerability would allow an adversary to execute arbitrary code on the vulnerable host, potentially leading to complete system compromise.
Are updates or workarounds available? #
Users are encouraged to update to the latest version as quickly as possible:
- Fireware OS 11.x end-of-life (EOL) versions: upgrade to a supported version
- Fireware OS 12.x: upgrade to version 12.11.4 or later
- Fireware OS 12.3.1 (FIPS-certified release): upgrade to version 12.3.1_Update3 (B722811) or later
- Fireware OS 12.5.x (Firebox T15 & T35): upgrade to version 12.5.13 or later
- Fireware OS 2025.1: upgrade to version 2025.1.1 or later
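As an added triage helper (not part of this advisory or of runZero's tooling), the following Python encodes the affected version ranges and upgrade targets listed above and flags inventory records whose Fireware version still falls in an affected range; the hostnames and versions in the sample inventory are constructed. It specifically handles 12.3.1_Update3 and 12.5.13, which are fixed releases even though they sort numerically inside the 12.0 through 12.11.3 range.

```python
import re
from typing import List, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, patch, update)

# Affected ranges as stated in the advisory (inclusive bounds).
AFFECTED_RANGES = [
    ((11, 10, 2, 0), (11, 12, 4, 1)),    # 11.10.2 through 11.12.4_Update1
    ((12, 0, 0, 0), (12, 11, 3, 0)),     # 12.0 through 12.11.3
    ((2025, 1, 0, 0), (2025, 1, 0, 0)),  # 2025.1 (2025.1.1 is the fix)
]

def parse_version(s: str) -> Version:
    """Parse "12.11.3", "11.12.4_Update1" or "12.3.1_Update3 (B722811)" into a tuple."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?(?:_Update(\d+))?", s)
    if not m:
        raise ValueError(f"unrecognised Fireware version: {s!r}")
    major, minor, patch, update = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch, update)

def is_affected(version: str) -> bool:
    """True if the version is in an affected range and is not a fixed maintenance build."""
    v = parse_version(version)
    major, minor, patch, update = v
    # Two fixed releases sort numerically inside the 12.0 through 12.11.3 range,
    # so they must be excluded before the plain range comparison.
    if (major, minor, patch) == (12, 3, 1) and update >= 3:
        return False  # 12.3.1_Update3 or later (FIPS-certified branch)
    if (major, minor) == (12, 5) and (patch, update) >= (13, 0):
        return False  # 12.5.13 or later (T15/T35 branch)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the (host, version) records still running an affected build."""
    return [(host, ver) for host, ver in inventory if is_affected(ver)]

# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "12.11.3"),
    ("fw-branch-02", "12.11.4"),
    ("fw-fips-01", "12.3.1_Update2"),
    ("fw-fips-02", "12.3.1_Update3 (B722811)"),
    ("fw-t35-01", "12.5.12"),
    ("fw-t35-02", "12.5.13"),
    ("fw-legacy-01", "11.12.4_Update1"),
    ("fw-legacy-02", "11.9.0"),  # below the 11.10.2 floor listed in the advisory
    ("fw-new-01", "2025.1"),
    ("fw-new-02", "2025.1.1"),
]
```

Running `triage(SAMPLE_INVENTORY)` returns the five records still on affected builds (12.11.3, 12.3.1_Update2, 12.5.12, 11.12.4_Update1 and 2025.1); the version strings can be fed from any asset export, such as one filtered on the runZero query below.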
How to find potentially vulnerable systems with runZero #
From the Asset Inventory, use the following query to locate potentially vulnerable assets:
os:="WatchGuard Fireware"