Full Report
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-9242, poses severe risks to organizations relying on these devices for network security. The Vulnerability WatchGuard Firebox firewalls contain an out-of-bounds write […] The post CISA Warns of Active Exploitation of WatchGuard Firebox Out-of-Bounds Write Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Analysis Summary
# Vulnerability: WatchGuard Firebox Out-of-Bounds Write Enabling RCE
## CVE Details
- CVE ID: CVE-2025-9242
- CVSS Score: Not explicitly stated, but described as "critical" and allows Remote Code Execution (RCE). (Implies high score, likely 9.0+)
- CWE: CWE-787 (Out-of-bounds Write)
## Affected Systems
- Products: WatchGuard Firebox firewalls
- Versions: All vulnerable versions (Specific versions not detailed in the provided summary, but vendors advisory must be checked)
- Configurations: Affects the OS `iked` process.
## Vulnerability Description
The vulnerability is an **Out-of-Bounds Write** flaw residing within the OS `iked` process on WatchGuard Firebox firewalls. This memory corruption bug allows remote, unauthenticated attackers to write data beyond the intended memory boundaries. Successful exploitation can lead to the attacker executing arbitrary code on the affected device.
## Exploitation
- Status: Exploited in the wild (Added to CISA KEV catalog on November 12, 2025)
- Complexity: Implied Low, as it is remote and unauthenticated.
- Attack Vector: Network (Remote)
## Impact
- Confidentiality: High (Ability to access sensitive data after successful RCE)
- Integrity: High (Ability to execute arbitrary code and compromise system controls)
- Availability: High (Ability to disrupt critical operations)
## Remediation
### Patches
- Organizations must apply mitigations per WatchGuard’s vendor instructions immediately. Prioritize patching as soon as updates become available. (Specific patch versions are not listed in this summary).
### Workarounds
- For organizations unable to deploy patches immediately, CISA recommends **discontinuing use of the affected products** until mitigations are available.
## Detection
- Review firewall logs for suspicious activity.
- Implement additional monitoring specifically for signs of compromise related to known exploitation techniques for this vulnerability prior to patching.
## References
- Vendor advisory from WatchGuard (Required for specific patch details)
- CISA KEV Catalog entry for CVE-2025-9242
- CISA Guidance link: hxxps://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA Deadline for Remediation: December 3, 2025.