Firewall vulnerability: WatchGuard urges immediate firmware upgrade to ensure security
In a recent announcement, WatchGuard has identified a critical security vulnerability (CVE-2025-9242) affecting specific Firebox models, including the T15, T70, and M4800. This vulnerability, if exploited, could potentially lead to full system compromise.
The vulnerability is found in the iked process of the Fireware OS and leads to a memory error (out-of-bounds), allowing for malicious code execution. This vulnerability is exploitable remotely and without authentication, making it a significant concern for device security.
The specifics of how attacks might unfold are not yet known, but WatchGuard urges prompt updates to protect affected instances. Devices are also vulnerable if these configurations existed in the past but have since been removed.
If you are a user of the aforementioned Firebox models and currently use or had Mobile User VPN or Branch Office VPN configured with IKEv2, including those who removed such configurations but still have branch office VPN to a static gateway peer, your device remains vulnerable to this critical vulnerability.
WatchGuard recommends immediate upgrading to Fireware OS version 12.5.13 or later (e.g., 12.11.4 or 2025.1.1) to prevent potential remote code execution attacks. For cases where an immediate upgrade is not possible, the manufacturer has provided temporary mitigation measures.
It's worth noting that support for Fireware OS 11.x has ended, and this version branch will not receive security patches. Therefore, it is essential to upgrade to a still-supported version if you cannot install the security patch immediately.
Staying up-to-date with security patches is crucial for maintaining the security of your WatchGuard Firebox device. We encourage all users to follow WatchGuard's recommendations and upgrade their devices as soon as possible to ensure the protection of their systems.
