
Critical WatchGuard Vulnerability Lets Unauthenticated Attackers Run Arbitrary Code


WatchGuard released an advisory detailing a critical vulnerability in its Firebox line of network security appliances.

Tracked as CVE-2025-9242, the flaw resides in the iked component of WatchGuard’s Fireware OS.

An out-of-bounds write in the IKEv2 handling routine can allow a remote, unauthenticated attacker to execute arbitrary code on affected devices.

Overview of the Vulnerability

This vulnerability affects a broad range of Fireware OS versions, including 11.10.2 through 11.12.4_Update1, the entire 12.0 series up to 12.11.3, and the 2025.1 release.

Both mobile user VPN (IKEv2) and branch office VPN (IKEv2) configurations are potentially vulnerable if a dynamic gateway peer has ever been configured on the device.

CVE            Impact    CVSS Score
CVE-2025-9242  Critical  9.3

Even if those dynamic-peer configurations have since been deleted, a static gateway VPN tunnel that is still active keeps the device exposed.
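A small inventory triage helper, added here as an example and not part of the article or WatchGuard's own tooling: it parses Fireware OS version strings (including the `_UpdateN` suffix) and checks each appliance against the affected ranges listed above. The ranges are taken as inclusive, the hostnames and versions in the sample inventory are constructed, and a version outside the listed ranges is reported as "not listed", not as fixed, since the article names no patched releases.

```python
import re

# Affected Fireware OS ranges as given in the advisory summary (treated as inclusive).
# Versions are modelled as (major, minor, patch, update) so 11.12.4 < 11.12.4_Update1.
AFFECTED_RANGES = [
    ((11, 10, 2, 0), (11, 12, 4, 1)),    # 11.10.2 through 11.12.4_Update1
    ((12, 0, 0, 0), (12, 11, 3, 0)),     # 12.0 series up to 12.11.3
    ((2025, 1, 0, 0), (2025, 1, 0, 0)),  # the 2025.1 release
]

# Accepts "12.11.3", "12.0", "11.12.4_Update1"; anything else is rejected loudly
# rather than silently classified.
VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_Update(\d+))?$")


def parse_fireware_version(text):
    """Turn a Fireware OS version string into a comparable 4-tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version string: {text!r}")
    major, minor, patch, update = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch, update)


def is_listed_affected(version):
    """True if the version falls inside one of the ranges the advisory lists."""
    v = parse_fireware_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each (hostname, version) pair to (hostname, version, status)."""
    return [
        (host, ver, "affected" if is_listed_affected(ver) else "not listed")
        for host, ver in inventory
    ]


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = [
    ("fw-hq-01", "12.11.3"),
    ("fw-branch-07", "11.12.4_Update1"),
    ("fw-lab-02", "11.10.1"),
    ("fw-dc-03", "2025.1"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {ver:18} {status}")
```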

Due to the widespread use of Firebox appliances in enterprise and small business ...


Copyright of this story solely belongs to gbhackers.