WatchGuard Warns of Actively Exploited RCE in Firebox
🔒 WatchGuard has issued an urgent advisory for a critical remote code execution vulnerability (CVE-2025-14733) affecting Firebox appliances running Fireware OS 11.x, 12.x and 2025.1 releases. The flaw enables unauthenticated attackers to execute code via an out-of-bounds write when IKEv2 VPN is enabled. WatchGuard reports active exploitation in the wild and provides a temporary workaround for Branch Office VPN configurations where immediate patching is not possible. Administrators are urged to apply vendor updates and review provided indicators of compromise.
