WatchGuard Patches Firebox Zero-Day Exploited in the Wild

WatchGuard has released patches for a critical-severity vulnerability in the Firebox firewalls, warning that it has been exploited in the wild.

Tracked as CVE-2025-14733 (CVSS score of 9.3), the zero-day is described as an out-of-bounds write issue affecting the Fireware OS’s iked process.

Successful exploitation of the flaw, WatchGuard says, could allow remote, unauthenticated attackers to execute arbitrary code on vulnerable devices.

The Shadowserver Foundation has reported detecting roughly 125,000 IP addresses associated with WatchGuard firewalls affected by CVE-2025-14733, including nearly 40,000 located in the United States.

“This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer,” WatchGuard’s advisory reads.

According to the vendor, even Firebox instances that had the flawed configuration deleted could be vulnerable if they still have a branch office VPN to a static gateway peer configured.

“WatchGuard ...