WatchGuard Fixes Firewall Zero-Day Being Actively Exploited

Scans Count 117,000 Unpatched Firewalls Running Vulnerable Version of Fireware OS Mathew J. Schwartz (euroinfosec) • December 22, 2025

Attackers are actively attempting to exploit a zero-day vulnerability in WatchGuard Firebox firewalls to remotely execute code. A patch is available to fix the flaw.

See Also: Going Beyond the Copilot Pilot - A CISO's Perspective

"WatchGuard has observed threat actors actively attempting to exploit this vulnerability in the wild," says the vendor's security alert, published Thursday and updated Friday.

The critical flaw, which rates a CVSS score of 9.3, is tracked as CVE-2025-14733.

Scans of the internet conducted by The Shadowserver Foundation on Saturday cataloged nearly 125,000 unpatched devices, of which the greatest number, 38,300, traced to IP addresses in the United States, followed by 14,000 in Germany and 12,300 in Italy. By Sunday, the total count of vulnerable devices dropped by ...