CVE-2025-9242 affecting WatchGuard Fireware OS

This section contains time sensitive announcements about specific cyber threats, vulnerabilities and scams. Each alert has information you need to be aware of, and what actions to take to mitigate any risk to you or your organisation.

Subscribe to our updates to be notified as soon as we publish an alert.

10:31am, 29 October 2025

TLP Rating: Clear

CVE-2025-9242 affecting WatchGuard Fireware OS

CVE-2025-9242, if exploited, could allow a remote, unauthenticated attacker to execute arbitrary code on the firewall appliance. The flaw is an out-of-bounds write vulnerability in the iked process (which handles IKEv2 VPN connections).

Since the vulnerable service is exposed to the internet (UDP port 500/4500), this vulnerability represents an extreme risk for initial network access and subsequent network compromise.

What's happening

Systems affected

The following software versions are affected by the vulnerability:

Fireware OS 2025.1.x: all versions prior to 2025.1.1
Fireware OS 12.x: all versions prior to 12.11.4
Fireware OS 12.5.x (T15 & T35models): all versions prior to 12.5.13
Fireware OS 12.3.1 (FIPS): all versions prior to 12.3.1_Update3 (B722811)
Fireware OS 11.x: (End of Life – must be replaced)

What to look for

How to tell if you're at risk

Using a Watchguard Fireware product listed in the vulnerable software versions.

What to do

Prevention

Refer to vendor advisory External Link for patch and mitigation advice.

More information

If you require more information or further support, submit a report on our website.

CVE-2025-9242 affecting WatchGuard Fireware OS

What's happening

Systems affected

What to look for

How to tell if you're at risk

What to do

Prevention

More information

How helpful was this page?