vulnerability | International | The Hacker News
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
Friday, December 19, 2025
What
A critical out-of-bounds write vulnerability in WatchGuard's Fireware OS has been identified, allowing remote code execution through compromised VPN configurations.
Where
Global, affecting users of WatchGuard Fireware OS products.
When
The vulnerability was disclosed on a Thursday, with active exploitation reported prior to the advisory release.
Key Factors
- CVE-2025-14733 has a CVSS score of 9.3, indicating high severity.
- The vulnerability affects both mobile user VPN and branch office VPN configurations using IKEv2.
- Active exploitation has been observed from specific IP addresses, with potential links to other vulnerabilities.
Takeaways
- Users must apply the latest patches immediately to mitigate risks.
- The incident highlights the ongoing threat landscape for VPN services and the importance of timely updates.
- Administrators are advised to implement temporary mitigations for vulnerable configurations until updates can be applied.