A critical zero-day vulnerability, CVE-2025-14733, is causing significant concern among network administrators as it threatens the security of WatchGuard firewalls. With a high CVSS score of 9.3, this flaw permits unauthenticated attackers to execute arbitrary code, potentially taking over corporate firewalls. The urgency is heightened as threat actors are actively exploiting this vulnerability.
The issue lies within the iked process, which handles IKEv2 negotiations for the firewall’s VPNs. By sending specially crafted packets to the firewall’s VPN interface, a remote, unauthenticated attacker can trigger an out-of-bounds write that corrupts memory and alters the process’s behavior, either disrupting VPN service or executing commands with high-level privileges.
The flaw affects mobile VPN and branch office VPN configurations that use IKEv2, and it is unusually hard to neutralize by configuration alone: simply disabling the feature may not suffice, because a “zombie” configuration can leave the exposure in place even after the relevant configuration has been deleted.
WatchGuard has provided indicators of attack (IoAs) to help identify if systems are compromised, noting that exploit attempts often leave traces in logs, such as unusually large certificate payloads. Several IP addresses have been linked to the exploitation campaign. The vulnerability impacts multiple versions of Fireware OS, but patched versions are now available, and immediate updates are strongly recommended.
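A log-triage sketch for the “unusually large certificate payload” indicator mentioned above, added here as an example rather than taken from WatchGuard or its advisory. It assumes a simplified, constructed iked log format (not Fireware’s real syntax), a constructed 16 KiB threshold and constructed peer addresses, and flags CERT payloads above the threshold so the sending peers can be reviewed.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed, simplified log lines for this example only. This is NOT
# WatchGuard's real Fireware log syntax; adapt LINE_RE to your own source.
# Format: "<timestamp> iked <peer_ip> <exchange> payload=<TYPE> len=<bytes>"
SAMPLE_LOG = """\
2025-12-17T10:00:01Z iked 203.0.113.10 IKE_SA_INIT payload=SA len=288
2025-12-17T10:00:01Z iked 203.0.113.10 IKE_AUTH payload=CERT len=1432
2025-12-17T10:00:02Z iked 198.51.100.7 IKE_AUTH payload=CERT len=65000
2025-12-17T10:00:02Z iked 198.51.100.7 IKE_AUTH payload=CERT len=64900
2025-12-17T10:00:03Z iked 203.0.113.10 IKE_AUTH payload=AUTH len=96
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) iked (?P<peer>\S+) (?P<exch>\S+) "
    r"payload=(?P<ptype>[A-Z_]+) len=(?P<len>\d+)$"
)

# Assumed threshold: a legitimate X.509 certificate payload is normally a few
# kilobytes, so anything above this is worth a closer look.
CERT_LEN_THRESHOLD = 16384


@dataclass(frozen=True)
class Alert:
    ts: str
    peer: str
    length: int


def parse_line(line: str) -> dict | None:
    """Parse one log line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["len"] = int(rec["len"])
    return rec


def find_oversized_cert_payloads(log_text: str, threshold: int = CERT_LEN_THRESHOLD) -> list[Alert]:
    """Flag every CERT payload whose logged length exceeds the threshold."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["ptype"] == "CERT" and rec["len"] > threshold:
            alerts.append(Alert(rec["ts"], rec["peer"], rec["len"]))
    return alerts


def peers_to_review(alerts: list[Alert]) -> list[str]:
    """Distinct peer addresses that sent at least one oversized CERT payload."""
    return sorted({a.peer for a in alerts})
```

Run `find_oversized_cert_payloads` over exported iked logs and cross-check `peers_to_review` against the addresses named in the vendor’s indicators before deciding a device needs a deeper forensic look.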
Even after patching, a device may still hold data that was compromised before the update, so a thorough post-patch security check of each affected firewall is warranted.

