Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices
With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks.
Stay secure with our latest firewall updates, trends, and expert insights in information security to protect your digital assets effectively.
Search across headline titles and summaries.
Background for this topic.
Firewalls are security controls that permit or block network connections according to policy. They can operate at network boundaries, between internal segments, on individual hosts, or in cloud environments. Basic rules use addresses, ports, protocols, and connection state; more advanced firewalls may inspect applications or encrypted traffic where configured. Their purpose is to limit which systems can communicate, not to determine that all permitted traffic is safe.
Security depends heavily on accurate policy and maintenance. Overly broad, obsolete, or conflicting rules can expose services or allow unnecessary lateral movement, while unmanaged administrative interfaces and unpatched firewall software create additional attack surfaces. Practitioners should restrict management access, apply least-privilege rules, review and remove exceptions, and monitor logs for unexpected connections and policy changes. Firewall logs can support investigation, but encryption, evasion, and traffic allowed by policy may limit what the control can detect.
With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks.
Scans Count 117,000 Unpatched Firewalls Running Vulnerable Version of Fireware OSAttackers are actively attempting to exploit a now patched, zero-day vulnerability in WatchGuard Firebox firewalls, tracked as CVE-2025-14733, that can be used to remotely execute code. Scans show that over 115,000 of these edge devices remain internet-connected, unpatched and at risk.
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches
Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. [...]