**U.S. CISA Adds WatchGuard Fireware OS Flaw to Known Exploited Vulnerabilities Catalog**

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in WatchGuard Fireware OS to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2025-14733 (CVSS Score of 9.3), is a remote out-of-bounds write vulnerability that can be exploited without authentication.

The vulnerability affects multiple Fireware OS branches, including versions 11.10.2–11.12.4_Update1, 12.0–12.11.5, and 2025.1–2025.1.3. It impacts IKEv2 VPN services (Mobile User VPN or Branch Office VPN) that are configured with a dynamic gateway peer. Specially crafted network traffic can trigger improper memory handling, allowing an attacker to write data outside the intended memory bounds and potentially leading to arbitrary code execution on the affected device.

According to WatchGuard's advisory, "An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer."

WatchGuard has released detailed Indicators of Attack (IoAs) and mitigation guidance to help customers detect and reduce the risk of exploitation of this vulnerability. The vendor recommends rotating all locally stored secrets on affected Firebox devices after updating, as administrators who detect suspicious activity are advised to do.

If immediate patching is not possible, WatchGuard suggests temporarily following its best practices for securing IPSec/IKEv2 Branch Office VPNs. This workaround reduces exposure but does not replace the need to install the official fix as soon as possible.

The CISA has ordered federal agencies to address the identified vulnerabilities by December 26, 2025, in accordance with Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. Private organizations are also advised to review the catalog and address the vulnerabilities in their infrastructure.

Security experts note that this vulnerability is a high-priority target for exploitation due to its characteristics, which include remote code execution on a perimeter device, exposure via a public-facing VPN service, and pre-auth exploitability. The HackerNews has also flagged an IP address linked to the exploitation of two recently disclosed flaws in Fortinet FortiOS.

As part of ongoing efforts to address vulnerabilities in WatchGuard Fireware OS, CISA added another flaw, tracked as CVE-2025-9242, to the KEV catalog in November. In mid-October, researchers revealed details of the critical vulnerability CVE-2025-9242 (CVSS score of 9.3) in WatchGuard Fireware.

The recent addition of CVE-2025-14733 to the KEV catalog serves as a reminder of the importance of timely patching and vulnerability management in maintaining network security. With CISA's directive, federal agencies have until December 26, 2025, to address this critical vulnerability.