
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw affecting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS versions 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1.
“The WatchGuard Firebox has an out-of-bounds write vulnerability in the OS process that could allow an unauthenticated, remote attacker to execute arbitrary code,” CISA said in an advisory.
Details of the vulnerability were shared by watchTowr Labs last month, and the cybersecurity firm said the issue was due to a missing length check on the identification buffer used during the IKE handshake process.

“The server attempts to verify the certificate, but that verification happens after the vulnerable code has executed, allowing the path of the vulnerable code to be reached before authentication,” security researcher Macaulay Hudson said.
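The root cause described above is a classic pattern: a length taken from a peer-supplied payload is used to copy into a fixed-size buffer before anything about the peer has been verified. The following is an added illustration, not WatchGuard's code or the watchTowr proof of concept: a hypothetical, simplified parser for an IKEv2 Identification payload (generic payload header followed by ID type, reserved bytes and identification data) that validates every length against both the bytes actually received and the destination buffer before it writes. The buffer size `MAX_ID_DATA_LEN`, the error codes and the sample payloads are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simplified IKEv2 Identification payload layout (RFC 7296, section 3.5):
 *   generic header: next payload (1) | flags (1) | payload length (2, big-endian, includes header)
 *   ID body:        ID type (1) | reserved (3) | identification data (variable)
 */
#define IKE_GEN_HDR_LEN 4
#define IKE_ID_HDR_LEN  4
#define MAX_ID_DATA_LEN 64   /* assumed size of the fixed buffer the ID is copied into */

enum ike_err {
    IKE_OK = 0,
    IKE_ERR_SHORT,         /* fewer bytes than both headers need */
    IKE_ERR_LEN_MISMATCH,  /* declared payload length is smaller than the headers or longer than the data received */
    IKE_ERR_ID_TOO_LONG,   /* identification data would not fit the destination buffer */
    IKE_ERR_BAD_TYPE       /* ID type value not defined by RFC 7296 */
};

struct ike_id {
    uint8_t type;
    size_t  len;
    uint8_t data[MAX_ID_DATA_LEN];
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one ID payload. Every length is validated before the single write into out->data;
 * the comparison of id_len against sizeof out->data is the check a vulnerable parser omits. */
enum ike_err ike_id_parse(const uint8_t *pkt, size_t pkt_len, struct ike_id *out)
{
    if (pkt_len < IKE_GEN_HDR_LEN + IKE_ID_HDR_LEN)
        return IKE_ERR_SHORT;

    uint16_t payload_len = be16(pkt + 2);
    /* Never trust the header's length beyond what actually arrived on the wire. */
    if (payload_len < IKE_GEN_HDR_LEN + IKE_ID_HDR_LEN || payload_len > pkt_len)
        return IKE_ERR_LEN_MISMATCH;

    size_t id_len = payload_len - IKE_GEN_HDR_LEN - IKE_ID_HDR_LEN;
    if (id_len > sizeof out->data)          /* attacker-controlled length vs. fixed destination */
        return IKE_ERR_ID_TOO_LONG;

    uint8_t type = pkt[IKE_GEN_HDR_LEN];
    switch (type) {                          /* defined ID types: 1, 2, 3, 5, 9, 10, 11 */
    case 1: case 2: case 3: case 5: case 9: case 10: case 11: break;
    default: return IKE_ERR_BAD_TYPE;
    }

    out->type = type;
    out->len  = id_len;
    memcpy(out->data, pkt + IKE_GEN_HDR_LEN + IKE_ID_HDR_LEN, id_len);
    return IKE_OK;
}

/* Build a constructed ID payload for the demos below; returns bytes written, 0 if buf is too small. */
size_t build_id_payload(uint8_t *buf, size_t buf_len, uint8_t type, const uint8_t *id, size_t id_len)
{
    size_t total = IKE_GEN_HDR_LEN + IKE_ID_HDR_LEN + id_len;
    if (total > buf_len || total > 0xFFFF) return 0;
    memset(buf, 0, IKE_GEN_HDR_LEN + IKE_ID_HDR_LEN);
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)(total & 0xFF);
    buf[4] = type;
    memcpy(buf + IKE_GEN_HDR_LEN + IKE_ID_HDR_LEN, id, id_len);
    return total;
}

/* Well-formed ID_FQDN payload (constructed sample): accepted. */
enum ike_err demo_fqdn(void)
{
    uint8_t buf[256]; struct ike_id id;
    const char *fqdn = "vpn.example.test";
    size_t n = build_id_payload(buf, sizeof buf, 2 /* ID_FQDN */, (const uint8_t *)fqdn, strlen(fqdn));
    return ike_id_parse(buf, n, &id);
}

/* 300 bytes of identification data against a 64-byte buffer (constructed): rejected before any write. */
enum ike_err demo_oversized(void)
{
    uint8_t buf[512], big[300]; struct ike_id id;
    memset(big, 'A', sizeof big);
    size_t n = build_id_payload(buf, sizeof buf, 2, big, sizeof big);
    return ike_id_parse(buf, n, &id);
}

/* Header claims 300 bytes (0x012C) but only 20 arrived (constructed): rejected. */
enum ike_err demo_truncated(void)
{
    uint8_t buf[20] = { 0, 0, 0x01, 0x2C, 2, 0, 0, 0 };
    struct ike_id id;
    return ike_id_parse(buf, sizeof buf, &id);
}

int main(void)
{
    printf("fqdn=%d oversized=%d truncated=%d\n", demo_fqdn(), demo_oversized(), demo_truncated());
    return 0;
}
```

The second point in the researcher's description is about ordering: because the ID payload is processed before the peer's certificate is checked, this parser runs on unauthenticated input, so the bounds checks here cannot be deferred to a later authentication step. Audit any code on the pre-authentication path of a handshake with the assumption that every length field is attacker-controlled.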
At this time, details about how the security flaw is being exploited and at what scale are unknown. As of November 12, 2025, more than 54,300 Firebox instances are still vulnerable to this critical bug, down from a high of 75,955 on October 19, according to data from the Shadowserver Foundation.
The scan revealed that approximately 18,500 of these devices were located in the United States. Italy (5,400), the United Kingdom (4,000), Germany (3,600) and Canada (3,000) round out the top five. Federal Civilian Executive Branch (FCEB) agencies are encouraged to apply the WatchGuard patch by December 3, 2025.
This development comes after CISA added two recently disclosed flaws to the KEV catalog: a Windows kernel vulnerability, CVE-2025-62215 (CVSS score: 7.0), and a Gladinet Triofox improper access control vulnerability, CVE-2025-12480 (CVSS score: 9.1). Google’s Mandiant Threat Defense team believes that CVE-2025-12480 is being exploited by a threat actor it tracks as UNC6485.
