Warning: Critical Out-of-Bounds Write in WatchGuard Fireware OS, Patch Immediately!

  • Published: 17/09/2025
  • Last update: 17/09/2025
  • Affected software: WatchGuard: Fireware OS
    → 11.10.2 up to and including 11.12.4_Update1
    → 12.0 up to and including 12.11.3 and 2025.1
  • Type: CWE-787 Out-of-bounds Write
  • CVE/CVSS
    → CVE-2025-9242: CVSS 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Sources

NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-9242

Risks

WatchGuard disclosed a critical vulnerability (CVE-2025-9242) in Fireware OS that allows remote, unauthenticated attackers to execute arbitrary code on affected Firebox appliances. These devices act as VPN gateways, making them attractive targets for threat actors seeking initial access to corporate networks.

Successful exploitation can result in full device compromise, threatening the confidentiality, integrity, and availability of the internal network. Immediate patching or mitigation is strongly recommended.

Description

CVE-2025-9242: CVSS 9.3

CWE-787 Out-of-bounds Write

The vulnerability lies in the iked process of WatchGuard Fireware OS, which handles IKEv2 (Internet Key Exchange) VPN connections. It is an out-of-bounds write, meaning the software writes data outside the boundaries of allocated memory during IKEv2 negotiation.

An attacker can exploit this flaw by sending specially crafted IKEv2 packets to a vulnerable Firebox device over the network, without needing authentication. This allows the attacker to corrupt memory and execute arbitrary code with the privileges of the iked process, effectively gaining control of the device.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Versions 11.x are End of Life and should be replaced. Devices on the 12.x and 2025.1 lines can be patched to versions 2025.1.1, 12.11.4, 12.5.13, 12.3.1_Update3 (B722811) or later. The vendor also provides a temporary workaround for cases where immediate patching is not possible.
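Checking a fleet against the version ranges above by hand is error-prone, because several fixed releases (12.5.13, 12.3.1_Update3) sit inside the affected 12.0 to 12.11.3 range. The following is an added example, not code from WatchGuard or the CCB, that parses Fireware OS version strings in the forms the advisory uses and classifies each device. It assumes "or later" means at or above the listed fixed release on the same major.minor maintenance branch (the advisory does not spell out the branch model), and the hostnames in the sample inventory are constructed.

```python
import re
from typing import Dict, List, NamedTuple, Tuple


class FirewareVersion(NamedTuple):
    """Fireware OS version as a comparable tuple (major, minor, patch, update)."""
    major: int
    minor: int
    patch: int
    update: int


# Accepts the forms seen in the advisory: "12.0", "12.11.3", "11.12.4_Update1",
# "12.3.1_Update3 (B722811)". The build number in parentheses is ignored.
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:_Update(\d+))?(?:\s*\(B\d+\))?$"
)


def parse_version(text: str) -> FirewareVersion:
    """Parse a Fireware OS version string; missing patch/update default to 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware OS version string: {text!r}")
    major, minor, patch, update = m.groups()
    return FirewareVersion(int(major), int(minor), int(patch or 0), int(update or 0))


# Affected ranges exactly as listed in the advisory (inclusive at both ends).
AFFECTED_RANGES: List[Tuple[FirewareVersion, FirewareVersion]] = [
    (parse_version("11.10.2"), parse_version("11.12.4_Update1")),
    (parse_version("12.0"), parse_version("12.11.3")),
    (parse_version("2025.1"), parse_version("2025.1")),
]

# Fixed releases listed in the advisory. "or later" is interpreted here as
# "at or above this release on the same major.minor maintenance branch"
# (an assumption; the advisory does not describe the branch model).
FIXED_RELEASES: List[FirewareVersion] = [
    parse_version(v)
    for v in ("2025.1.1", "12.11.4", "12.5.13", "12.3.1_Update3 (B722811)")
]


def in_affected_range(v: FirewareVersion) -> bool:
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def is_fixed(v: FirewareVersion) -> bool:
    return any(
        (v.major, v.minor) == (f.major, f.minor) and v >= f for f in FIXED_RELEASES
    )


def assess(text: str) -> str:
    """Classify one version string.

    Returns one of:
      "patched"        - at or above a listed fixed release on its branch
      "vulnerable"     - inside an affected range with no fix on that branch
      "vulnerable-eol" - affected and on the end-of-life 11.x line (replace)
      "eol"            - 11.x outside the listed range; still end of life
      "not-listed"     - neither affected nor fixed per the advisory; review manually
    """
    v = parse_version(text)
    if is_fixed(v):
        return "patched"
    if v.major == 11:
        return "vulnerable-eol" if in_affected_range(v) else "eol"
    if in_affected_range(v):
        return "vulnerable"
    return "not-listed"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group device names by assessment status (names sorted within each group)."""
    groups: Dict[str, List[str]] = {}
    for device, version in inventory.items():
        groups.setdefault(assess(version), []).append(device)
    return {status: sorted(names) for status, names in groups.items()}


# Constructed sample inventory (hostnames and versions invented for illustration).
SAMPLE_INVENTORY = {
    "fw-hq-01": "12.11.3",
    "fw-branch-02": "12.5.13",
    "fw-legacy-03": "11.12.4_Update1",
    "fw-dc-04": "2025.1.1",
    "fw-lab-05": "12.3.1_Update2",
}

if __name__ == "__main__":
    for status, devices in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:15} {', '.join(devices)}")
```

Versions that fall outside every listed range and every fixed branch (for example a release newer than 12.11.x) come back as "not-listed" rather than being guessed at; those should be checked against the vendor advisory before being marked safe.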

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

Vendor advisory - https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015