Critical WatchGuard Fireware OS Flaw Enables Remote Code Execution
A critical out-of-bounds write flaw (CVE-2025-9242) in WatchGuard Fireware OS could allow remote code execution
WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.
WatchGuard ยท Firebox
Known ransomware use: Unknown
Follow the source advisory and validate exposure in your environment.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Recent reporting that mentions CVE-2025-9242.
A critical out-of-bounds write flaw (CVE-2025-9242) in WatchGuard Fireware OS could allow remote code execution
Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication. [...]