CVE-2025-9242

WatchGuard Firebox iked Out of Bounds Write Vulnerability

CVSS 9.3 CRITICAL · EPSS 86.4% · KEV · CWE-787

In short

A memory error in the WatchGuard Firebox VPN software lets a remote, unauthenticated attacker write data outside allocated memory and potentially take over the device. It affects the IKEv2 VPN connections used for remote workers and branch office access.

Technical detail

An out-of-bounds write vulnerability in the iked daemon of Fireware OS affects the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. Remote, unauthenticated attackers can exploit improper buffer handling to execute arbitrary code with device privileges. Affected versions are Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1.

Summary generated and translated by AI from the official description.
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
WatchGuard · Fireware OS
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
