8:53am, 23 December 2025
TLP Rating:
CVE-2025-14733 affecting WatchGuard Fireware OS
A critical vulnerability in WatchGuard Fireware OS is under active exploitation.
CVE-2025-14733 is an out-of-bounds write vulnerability affecting the iked process of WatchGuard Fireware OS. Exploitation of this vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code.
The NCSC encourages organisations in New Zealand that use the affected products to review the vendor advisory and apply the remediation as soon as possible.
What's happening
Systems affected
This vulnerability affects the following versions of Fireware OS:
- 2025.1 - Fixed in 2025.1.4
- 12.x - Fixed in 12.11.6
- 12.5.x (T15 & T35 models) - Fixed in 12.5.15
- 12.3.1 (FIPS-certified release) - Fixed in 12.3.1_Update4 (B728352)
- 11.x (11.10.2 up to and including 11.12.4_Update1) - End-of-Life
What to look for
How to tell if you're at risk
This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer.
If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured.
How to tell if you're affected
WatchGuard has identified the following IP addresses as Indicators of Compromise:
- 45.95.19[.]50
- 51.15.17[.]89
- 172.93.107[.]67
- 199.247.7[.]82
Refer to the vendor advisory for further indicators and information for reviewing logs.
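One way to check exported logs for the addresses listed above, as an added example that is not part of the NCSC or WatchGuard advisory: it refangs the published indicators and matches whole IPv4 addresses only. The sample log lines and their key=value layout are constructed for illustration and are not real Firebox log output.

```python
import ipaddress
import re

# IoC addresses exactly as published in the advisory (defanged).
DEFANGED_IOCS = [
    "45.95.19[.]50",
    "51.15.17[.]89",
    "172.93.107[.]67",
    "199.247.7[.]82",
]

# Candidate dotted quads. The lookarounds reject a match that sits inside a
# longer number run, so 145.95.19.50 or 45.95.19.50.1 never count as a hit,
# while a sentence-ending full stop after the address is tolerated.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def refang(value):
    """Turn a defanged indicator such as 45.95.19[.]50 back into an address."""
    return ipaddress.ip_address(value.replace("[.]", "."))


IOCS = frozenset(refang(v) for v in DEFANGED_IOCS)


def find_ioc_hits(lines):
    """Return (line_number, address) for every IoC address seen in the lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for token in IPV4_CANDIDATE.findall(line):
            try:
                address = ipaddress.ip_address(token)
            except ValueError:  # not a valid address, e.g. 45.95.19.501
                continue
            if address in IOCS:
                hits.append((number, str(address)))
    return hits


# Constructed sample lines in a generic key=value layout (assumption).
SAMPLE_LOG = [
    "2025-12-20T01:02:03Z allow src=10.0.0.5 dst=8.8.8.8 dport=53",
    "2025-12-20T01:02:09Z allow src=45.95.19.50 dst=203.0.113.10 dport=500",
    "2025-12-20T01:03:11Z deny src=145.95.19.50 dst=203.0.113.10 dport=4500",
    "2025-12-20T01:04:40Z allow src=10.0.0.7 dst=199.247.7.82:443 proto=tcp",
    "2025-12-20T01:05:00Z allow src=45.95.19.501 dst=203.0.113.10 dport=500",
]

if __name__ == "__main__":
    for number, address in find_ioc_hits(SAMPLE_LOG):
        print(f"line {number}: {address}")
```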
What to do
Prevention
To prevent exploitation, upgrade affected devices to the latest patch. If this is not possible, follow the vendor’s advice on Secure Access to Branch Office VPNs that Use IPSec and IKEv2.
More information