Exploitation of WatchGuard Firebox OS Vulnerability CVE-2025-9242
Summary
Advisory addresses a critical vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2025-9242
CVE-2025-9242 is being actively exploited and has been added to the US Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities Catalog (KEV).
Additionally, WatchGuard has added indicators of attack (IoAs) to its advisory to help device owners identify potential attempts to exploit this vulnerability against vulnerable Firebox appliances.
Introduction
Active exploitation in the wild has been reported for the vulnerability CVE-2025-9242, which affects WatchGuard Firebox OS.
- CVE-2025-9242 - 'Out-of-bounds Write' vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code - CVSSv4: 9.3
Threat updates
| Date | Update |
|---|---|
| 17 Nov 2025 | Corrected CVE identifier in exploitation section |
Remediation advice
Affected organisations are encouraged to review the WatchGuard Security Advisory WGSA-2025-00015 page and apply the relevant security update as soon as possible.
Definitive source of threat updates
Last edited: 17 November 2025 10:03 am