WatchGuard warns of vulnerability CVE-2025-9242 in Firebox

WatchGuard is a network security vendor whose products include the Firebox appliance. In a security alert dated September 17, 2025, the vendor points out a critical vulnerability, CVE-2025-9242, in its Firebox appliance that allows an attacker to execute code.

Reader Benjamin T. alerted me to the problem late yesterday afternoon in an email with the subject line "Watchguard Firewall Security Vulnerability" (thanks for that) and wrote:

There is currently a security vulnerability in Watchguard firewalls: An out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process could allow a remote, unauthenticated attacker to execute arbitrary code.

WatchGuard works with over 17,000 resellers to protect the networks of more than 250,000 small and medium-sized businesses worldwide. On September 17, 2025, WatchGuard published security advisory WGSA-2025-00015: WatchGuard Firebox iked Out of Bounds Write Vulnerability regarding vulnerability CVE-2025-9242.

The vulnerability was rated critical with a CVSS score of 9.3. An out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process could allow an unauthenticated attacker to execute arbitrary code. This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN with IKEv2 when configured with a dynamic gateway peer.

WatchGuard warns: If the Firebox was previously configured with the mobile user VPN using IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer and both configurations have since been deleted, this Firebox may still be vulnerable if a branch office VPN connection to a static gateway peer is still configured.

This vulnerability affects Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1. WatchGuard has provided security updates for the affected Fireware OS versions:

Vulnerable Version                 | Resolved Version
2025.1                             | 2025.1.1
12.x                               | 12.11.4
12.5.x (T15 & T35 models)          | 12.5.13
12.3.1 (FIPS-certified release)    | 12.3.1_Update3 (B722811)
11.x                               | End of Life

The affected products are listed in the advisory.
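To check a device inventory against the version ranges and the table above, the following added example (not WatchGuard code, and not part of the advisory) maps a Fireware OS version string to the release that resolves CVE-2025-9242. The inventory rows, hostnames and the t15_t35 and fips flags are assumptions for illustration; the caller has to supply the model and FIPS information.

```python
import re

def parse(version):
    """'12.3.1_Update3' -> ((12, 3, 1), 3); an _UpdateN build sorts after its base release."""
    m = re.fullmatch(r"(\d+(?:\.\d+)+)(?:_Update(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognized Fireware version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums + (0,) * (3 - len(nums)), int(m.group(2) or 0)

def resolved_version(version, t15_t35=False, fips=False):
    """Return the entry from the 'Resolved Version' column, or None if not affected."""
    key = parse(version)
    nums = key[0]
    if parse("11.10.2") <= key <= parse("11.12.4_Update1"):
        return "End of Life"                 # 11.x receives no fix
    if fips and nums == (12, 3, 1):          # FIPS-certified release has its own fix
        return None if key >= parse("12.3.1_Update3") else "12.3.1_Update3"
    if t15_t35 and nums[:2] == (12, 5):      # 12.5.x branch for T15 and T35 models
        return None if key >= parse("12.5.13") else "12.5.13"
    if parse("12.0") <= key < parse("12.11.4"):
        return "12.11.4"
    if parse("2025.1") <= key < parse("2025.1.1"):
        return "2025.1.1"
    return None

# Constructed sample inventory: (hostname, version, is T15/T35 model, runs FIPS release)
INVENTORY = [
    ("fw-hq", "12.11.3", False, False),
    ("fw-branch", "12.5.13", True, False),
    ("fw-lab", "12.3.1_Update2", False, True),
    ("fw-old", "11.12.4_Update1", False, False),
    ("fw-new", "2025.1.1", False, False),
]

def triage(inventory):
    """Map hostname -> resolving release for every unit in an affected range."""
    out = {}
    for host, version, small_model, fips in inventory:
        target = resolved_version(version, small_model, fips)
        if target:
            out[host] = target
    return out

if __name__ == "__main__":
    for host, target in triage(INVENTORY).items():
        print(f"{host}: affected, resolved in: {target}")
```

The check covers the version only; whether a unit is actually exposed also depends on the IKEv2 VPN configuration conditions described above.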
