The flaw, tracked as CVE-2025-9242, exists in the component that handles IKEv2 VPN connections and has been assigned a critical severity score of 9.3 out of 10.0.
The vulnerability is an out-of-bounds write issue within the Fireware operating system’s iked process, which manages IKEv2 key exchanges for VPNs.
Attackers can exploit this flaw by sending a specially crafted packet to an affected device, triggering a stack-based buffer overflow. Security researchers have noted that this type of vulnerability is surprisingly common in modern enterprise-grade appliances, which often lack basic exploit mitigations like stack canaries.
Because the flaw is reachable before any authentication takes place, it poses a significant risk to the large number of organizations that rely on these devices for perimeter security.
According to a WatchGuard advisory report, the vulnerability impacts numerous versions of its Fireware OS, including 11.x, 12.x, and 2025.1. Specifically, devices are at risk if they are configured to use a mobile user VPN with IKEv2 or a branch office VPN that connects to a dynamic gateway peer.
The advisory warns that a device may remain vulnerable even if these configurations have been deleted, as long as a branch office VPN to a static gateway peer is still active.
The vulnerability affects a wide range of Firebox models, from small office devices like the T15 to larger enterprise units such as the M5800, as well as Firebox virtual appliances.
With WatchGuard stating it protects over 250,000 businesses and 10 million endpoints, the potential attack surface is substantial.
Security researchers were also able to develop a reliable method to fingerprint the exact Fireware OS version of a device with a single UDP packet, making it easier for attackers to identify vulnerable targets.
WatchGuard has released security updates to address the vulnerability and urges customers to upgrade their systems immediately.
Patched versions include Fireware OS 2025.1.1, 12.11.4, 12.5.13, and 12.3.1_Update3. The company credited a researcher named “btaol” for discovering and reporting the flaw.
For organizations unable to apply the patches right away, WatchGuard has provided a temporary workaround. Administrators can secure their branch office VPNs by following the company’s best-practice recommendations for IPSec and IKEv2 configurations.
Given the critical nature of this pre-authentication remote code execution vulnerability on a perimeter security device, administrators are strongly advised to prioritize patching to prevent potential exploitation by threat actors, including ransomware groups.
The post WatchGuard VPN Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.