Warning: Arbitrary Code Execution in WatchGuard Fireware OS, Patch Immediately!

Published: 19/12/2025

 

    * Last update: 19/12/2025
    * Affected software: WatchGuard Fireware OS
    * Type: Arbitrary Code Execution
    * CVE/CVSS
        → CVE-2025-14733: CVSS 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red)

 

Sources

 
WatchGuard: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027
 

Risks

A newly discovered vulnerability in WatchGuard Fireware allows attackers to execute unauthorized code, potentially exposing sensitive company data and disrupting operations.

WatchGuard Fireware is the operating system that powers WatchGuard Firebox firewalls.
If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical businesses.

 

Description

A critical security vulnerability, CVE-2025-14733, has been identified in WatchGuard Fireware OS affecting versions 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.5, and 2025.1 through 2025.1.3. This flaw is an out-of-bounds write vulnerability in the iked process that handles IKE negotiations, specifically impacting Mobile User VPN with IKEv2 and Branch Office VPN using IKEv2 when configured with dynamic gateway peers.

A remote, unauthenticated attacker can exploit this vulnerability without user interaction by sending crafted IKE_AUTH request messages with abnormally large CERT payloads (greater than 2000 bytes). This lets the attacker write outside the bounds of allocated memory and achieve arbitrary code execution on vulnerable Firebox appliances.

WatchGuard has observed threat actors actively attempting to exploit this vulnerability in the wild.

Recommended Actions

 
Patch  
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
 
Monitor/Detect 

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
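
To support the Monitor/Detect advice, here is an added example (not part of the original advisory and not WatchGuard tooling): a log triage script that flags IKE_AUTH requests carrying a CERT payload larger than the 2000 bytes named in the Description. The log line layout, function names and sample lines are assumptions constructed for illustration; adapt the regular expressions to the format your Firebox or syslog collector actually records.

```python
import re
from collections import Counter

CERT_SIZE_THRESHOLD = 2000  # bytes; the advisory's "greater than 2000 bytes"

# ASSUMED line layout, constructed for this example (not vendor-documented):
#   <ts> iked: (<peer>-><local>) "IKE_AUTH request" payloads [ NAME(sz=N) ... ]
LINE_RE = re.compile(
    r'^(?P<ts>\S+) iked: \((?P<peer>[0-9A-Fa-f.:]+)->[0-9A-Fa-f.:]+\) '
    r'"IKE_AUTH request" payloads \[(?P<payloads>[^\]]*)\]'
)
PAYLOAD_RE = re.compile(r'\b(?P<name>[A-Za-z0-9]+)\(sz=(?P<size>\d+)\)')


def find_oversized_cert(lines, threshold=CERT_SIZE_THRESHOLD):
    """Return a finding for each IKE_AUTH request with a CERT payload > threshold."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # other exchanges, responses, unrelated log lines
        cert_sizes = [int(p["size"]) for p in PAYLOAD_RE.finditer(m["payloads"])
                      if p["name"] == "CERT"]  # CERTREQ is a different payload
        if cert_sizes and max(cert_sizes) > threshold:
            findings.append({"line": lineno, "ts": m["ts"],
                             "peer": m["peer"], "cert_size": max(cert_sizes)})
    return findings


def peers_to_investigate(findings):
    """Count findings per source address so repeated attempts stand out."""
    return dict(Counter(f["peer"] for f in findings))


# Constructed sample lines (documentation address ranges), not device output.
SAMPLE_LOG = [
    '2025-12-19T08:00:01Z iked: (203.0.113.10->198.51.100.1) "IKE_AUTH request" payloads [ IDi(sz=20) CERT(sz=1210) CERTREQ(sz=2105) AUTH(sz=264) ]',
    '2025-12-19T08:02:44Z iked: (203.0.113.77->198.51.100.1) "IKE_AUTH request" payloads [ IDi(sz=20) CERT(sz=3400) AUTH(sz=264) ]',
    '2025-12-19T08:02:45Z iked: (203.0.113.77->198.51.100.1) "IKE_SA_INIT request" payloads [ SA(sz=48) KE(sz=264) ]',
    '2025-12-19T08:05:10Z iked: (203.0.113.10->198.51.100.1) "IKE_AUTH request" payloads [ IDi(sz=20) CERT(sz=2000) AUTH(sz=264) ]',
    '2025-12-19T08:07:31Z iked: (203.0.113.77->198.51.100.1) "IKE_AUTH request" payloads [ CERT(sz=900) CERT(sz=2048) AUTH(sz=264) ]',
]

if __name__ == "__main__":
    hits = find_oversized_cert(SAMPLE_LOG)
    for hit in hits:
        print(f'line {hit["line"]} {hit["ts"]} peer={hit["peer"]} CERT={hit["cert_size"]}B')
    print(peers_to_investigate(hits))
```

Run it over retained logs from before the patch date as well as current ones, since patching does not remediate historic compromise.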
 
 
