vulnerability🌐InternationalCSO Online
WatchGuard fixes ‘critical’ zero-day allowing firewall takeover
Saturday, December 20, 2025
What
The vulnerability, tracked as CVE-2025-14733, affects the iked process in WatchGuard Fireware OS and enables remote code execution without authentication through specially crafted network traffic. It impacts multiple Fireware OS versions, and exploitation attempts have already been detected, marking it as a zero-day vulnerability. Administrators are advised to check for signs of compromise and rotate stored secrets post-patching.
Where
Global, affecting users of WatchGuard Firebox appliances.
When
The vulnerability was disclosed on December 18, 2025, with active exploitation reported prior to the patch release.
Key Factors
- •CVE-2025-14733 has a CVSS score of 9.3, indicating critical severity.
- •The flaw allows remote unauthenticated attackers to execute arbitrary code.
- •Previous configurations of VPN services may still leave devices vulnerable even after patching.
Takeaways
- →Organizations must prioritize patching critical vulnerabilities promptly to mitigate risks.
- →The incident underscores the importance of monitoring for signs of compromise even after applying patches.
- →Administrators should perform thorough checks and rotate secrets if exploitation is suspected.
