Critical Vulnerability in WatchGuard Firebox Under Exploitation

Successful exploitation of CVE-2025-14733 could allow a remote unauthenticated attacker to execute code remotely.

Threat ID:: CC-4733
Threat Severity:: Medium
Published:: 19 December 2025 1:25 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Successful exploitation of CVE-2025-14733 could allow a remote unauthenticated attacker to execute code remotely.

Affected platforms

The following platforms are known to be affected:

WatchGuard Firebox

Fireware OS versions:

11.10.2 to 11.12.4_Update1

12.0 to 12.11.5
2025.1 to 2025.1.3

Firebox appliances are vulnerable if using an affected Fireware OS version (see above) and have one of the following configurations:

Mobile User VPN with IKEv2 and configured with a dynamic gateway peer

Branch Office VPN with IKEv2 and configured with a dynamic gateway peer

Note: If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured.

Threat details

CVE-2025-14733 Under Exploitation

WatchGuard has reported that CVE-2025-14733 in the Fireware OS used by Firebox is under exploitation. Successful exploitation can allow a remote unauthenticated attacker to execute arbitrary code on the Firebox appliance.

The NHS England National CSOC assesses further exploitation as likely.

Introduction

WatchGuard has released security updates to address a critical vulnerability in the Fireware operating system used by Firebox devices.

CVE-2025-14733 - Out-of-Bounds Write Vulnerability - CVSSv4 score: 9.3

Remediation advice

Affected organisations are strongly encouraged to review WatchGuard security advisory WGSA-2025-00027 and apply the relevant updates as soon as possible.

Definitive source of threat updates

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027

CVE Vulnerabilities

Status Published

CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.

Last edited: 19 December 2025 1:25 pm