Worrying WatchGuard VPN bug could let hackers hijack your devices – here's how to stay protected

Tech Insider
  • CVE-2025-9242 allows unauthenticated remote code execution on WatchGuard Fireware devices
  • The vulnerability affects VPN configurations that use IKEv2 with dynamic gateway peers
  • Businesses should patch affected versions and limit Internet access to only essential devices.

WatchGuard Fireware, the operating system that powers a lot of WatchGuard’s software, had a critical severity vulnerability that allowed threat actors to execute arbitrary code remotely and essentially take over compromised devices, the company warned.

The vulnerability is tracked as CVE-2025-9242 and was assigned a severity score of 9.3/10 (critical). It is described as an out-of-bounds write vulnerability that allows unauthenticated entities to execute arbitrary code.

“This vulnerability impacts both the mobile user VPN using IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer,” WatchGuard explained in a recent security advisory.

Music to the ears of ransomware gangs

Versions 11.10.2 through 11.12.4_Update 1 were said to be affected, as well as versions 12.0 – 12.11.3 and 2025.1. FireGuard released patches that address the flaw in these versions:

  • 2025.1 – Fixed in 2025.1.1
  • 12.x – Fixed in 12.11.4
  • 12.3.1 (FIPS-certified release) – Fixed in 12.3.1_Update3 (B722811)
  • 12.5.x (T15 and T35 models) – Fixed in 12.5.13
  • 11.x – Reached end of life
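
The affected ranges and fixed releases listed above can be turned into an inventory triage check. This is an added example, not code from WatchGuard or from the article; the `fips` and `t15_t35` flags, the hostnames and the sample inventory are hypothetical, and anything at or above a listed fix is assumed to be patched.

```python
import re

def parse(version):
    """'12.3.1_Update3' -> (12, 3, 1, 3); a missing patch or update counts as 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:_Update\s?(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(version, fips=False, t15_t35=False):
    """Return (status, fix) for one device, using only the ranges in the article.

    fips / t15_t35 are hypothetical inventory flags for the two special branches.
    """
    v = parse(version)
    if v[0] == 11:
        # 11.10.2 through 11.12.4_Update 1 is affected, and 11.x gets no patch.
        if (11, 10, 2, 0) <= v <= (11, 12, 4, 1):
            return ("affected", "none: 11.x reached end of life")
        return ("not_listed", None)
    if fips and v[:3] == (12, 3, 1):
        return ("patched", None) if v[3] >= 3 else ("affected", "12.3.1_Update3")
    if t15_t35 and v[:2] == (12, 5):
        return ("patched", None) if v[:3] >= (12, 5, 13) else ("affected", "12.5.13")
    if v[0] == 12:
        # 12.0 through 12.11.3 is affected; assumption: later 12.x carries the fix.
        return ("affected", "12.11.4") if v[:3] <= (12, 11, 3) else ("patched", None)
    if v[:2] == (2025, 1):
        return ("affected", "2025.1.1") if v[2] == 0 else ("patched", None)
    return ("not_listed", None)

# Constructed sample inventory: (hostname, version, fips, t15_t35)
INVENTORY = [
    ("fw-hq", "12.11.3", False, False),
    ("fw-branch", "2025.1.1", False, False),
    ("fw-fips", "12.3.1_Update2", True, False),
    ("fw-t35", "12.5.12", False, True),
    ("fw-legacy", "11.12.4_Update1", False, False),
]

def report(inventory=INVENTORY):
    """Map each hostname to its (status, fix) pair."""
    return {host: triage(ver, fips, t) for host, ver, fips, t in inventory}

if __name__ == "__main__":
    for host, (status, fix) in report().items():
        print(f"{host:10} {status:10} {fix or '-'}")
```

A device reported as `not_listed` falls outside the ranges the article gives and needs checking against the vendor advisory directly.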

In their analysis of the flaw, security researchers watchTowr described it as having “all the hallmarks that ransomware gangs in your neighborhood love to see”: it was found on an internet-connected device, it can be exploited without authentication, and it allows remote execution of malicious code.

Ransomware operators love to attack firewalls and routers, as they serve as gateways for most Internet traffic on a network.

They also target file servers and domain controllers, as encrypting them disrupts many users, as well as remote access services such as RDP, VPN gateways, and exposed management ports of firewalls, backups, cloud accounts and storage, and network attached storage (NAS).

To stay safe, businesses should restrict Internet access to only essential devices, keeping all others on the local network. They should also ensure that all software and hardware is up to date and that their employees are aware of the latest phishing and social engineering techniques.

Via Hacker News
