What's Happening?
More than 73,000 WatchGuard Firebox devices remain unpatched against a critical vulnerability despite the availability of fixes. The flaw, tracked as CVE-2025-9242, is an out-of-bounds write issue in the 'iked' process of the Fireware OS, affecting versions 11.10.2 to 11.12.4_Update1, 12.0 to 12.11.3, and 2025.1. This vulnerability allows unauthenticated remote attackers to execute arbitrary code, posing a significant security risk. WatchGuard released patches in mid-September, but a substantial number of devices, particularly in the U.S., Germany, Italy, the UK, and Canada, remain vulnerable. The Shadowserver Foundation's scans reveal that approximately 24,000 of these devices are located in the U.S. alone.
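To triage an asset inventory against the affected ranges listed above, a check like the following can be used. This is an added example, not WatchGuard or Shadowserver code; it assumes the range bounds are inclusive, that an "_UpdateN" suffix sorts after its base version, and that the inventory is a simple host-to-version mapping (the sample entries are constructed).

```python
import re

# Affected Fireware OS ranges exactly as listed above (bounds read as inclusive).
AFFECTED_RANGES = [
    ("11.10.2", "11.12.4_Update1"),
    ("12.0", "12.11.3"),
    ("2025.1", "2025.1"),
]

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:_Update(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (padded numeric tuple, update number) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))  # pad so that 12.0 compares equal to 12.0.0
    # Assumption: "_UpdateN" sorts after the same base version without a suffix.
    return tuple(nums), int(m.group(2) or 0)


def is_affected(version):
    """True if the version falls inside any range listed for CVE-2025-9242."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not in listed ranges' or 'review'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not in listed ranges"
        except ValueError:
            result[host] = "review"  # unparseable version: check by hand
    return result


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "fw-branch-01": "12.11.3", "fw-branch-02": "11.12.4_Update1",
    "fw-hq-01": "12.11.4", "fw-lab-01": "11.10.1",
    "fw-dc-01": "2025.1", "fw-old-01": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {SAMPLE_INVENTORY[host]:18} {status}")
```

A result of "not in listed ranges" only means the version string falls outside the ranges quoted above; confirm the fixed release for each branch against WatchGuard's advisory.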
Why It's Important?
The vulnerability in WatchGuard Firebox devices is significant due to the potential for unauthorized access and control over network security appliances, which are critical in protecting internal networks from external threats. With over 250,000 small and midsize enterprises relying on these devices, the unpatched flaw poses a substantial risk of exploitation, potentially leading to data breaches and other cyber threats. The widespread nature of the vulnerability, affecting devices across more than 100 countries, underscores the urgency for organizations to apply the available patches to safeguard their networks.
What's Next?
Organizations using WatchGuard Firebox devices are strongly advised to implement the patches provided by WatchGuard to mitigate the risks associated with this vulnerability. Failure to do so could result in unauthorized access and potential data breaches. As the vulnerability affects a service typically accessible from the internet, it is crucial for IT departments to prioritize these updates to protect their network infrastructure. Continued monitoring and scanning by cybersecurity organizations like The Shadowserver Foundation will be essential in tracking the patching progress and identifying any remaining vulnerable devices.