WatchGuard recently announced the discovery of a critical vulnerability in its Fireware OS that allows remote attackers to run arbitrary code without any prior authentication. The vulnerability, tracked as CVE-2025-14733 with a high-severity score of 9.3, stems from a memory handling error in the iked process. The company confirmed that the flaw is already being exploited in the wild, making immediate patching a necessity for all affected network administrators.
The risk is specifically tied to Internet Key Exchange version 2 (IKEv2) configurations, affecting both mobile user VPNs and branch office VPNs that use dynamic gateway peers. WatchGuard warned that even if these specific configurations were recently deleted, a system might remain at risk if other branch office VPNs to static gateway peers are still active. Fixes have been rolled out across multiple versions of the OS, including the latest 2025 releases and legacy 12.x branches, while older 11.x versions are considered end-of-life and will not receive updates.
Security researchers have identified several specific IP addresses involved in the ongoing attacks, one of which was recently connected to high-profile exploits against Fortinet infrastructure. This overlap suggests that sophisticated threat actors are systematically targeting enterprise networking equipment across different vendors. To help organizations detect potential breaches, WatchGuard highlighted indicators such as abnormally large certificate payloads or instances where the VPN process hangs or crashes unexpectedly.
For those unable to apply the software updates immediately, the company has provided a series of manual mitigation steps. These include disabling dynamic peer branch office VPNs and restricting traffic through the creation of specific IP aliases and new firewall policies that bypass default settings. This proactive stance is intended to shield vulnerable devices from the current wave of automated exploitation attempts while administrators schedule the necessary downtime for full system patching.
This latest security alert follows closely on the heels of another major WatchGuard vulnerability that was recently added to the CISA Known Exploited Vulnerabilities catalog. The rapid succession of these flaws highlights an increasing focus by cybercriminals on gateway security appliances. Consequently, experts are urging all users to treat these updates as a top priority to prevent their network infrastructure from being used as an entry point for deeper corporate intrusions.
Source: WatchGuard Reports Active Exploitation Of Critical Fireware OS VPN Vulnerability



