CISA Flags Critical WatchGuard Fireware Flaw (CVE-2025-9242)
CISA added CVE-2025-9242 to its KEV catalogue, warning that 54,000+ WatchGuard Fireboxes are exposed. The flaw is an out-of-bounds write in the iked process that can enable unauthenticated remote code execution. Affected Fireware versions span 11.10.2–11.12.4_U1, 12.0–12.11.3 and 2025.1. WatchGuard patched in September; agencies and enterprises should update, restrict management access and monitor for exploitation.
Patch your Firebox before somebody else does
CISA has flagged a critical WatchGuard Fireware bug — CVE-2025-9242 — that lets an attacker run code on your firewall without logging in. The culprit is an out-of-bounds write in the iked process, affecting a long list of versions. WatchGuard shipped fixes in September; CISA’s warning means exploitation is happening.
Why it’s nasty
Firewalls are the castle walls. A pre-auth RCE on the wall is… no wall. Expect device takeover, traffic inspection, rule tampering and pivoting inwards if you leave it unpatched.
What to do today
• Update Fireware to the patched releases now.
• Restrict management interfaces to trusted admin hosts/VPN.
• Disable unused remote-access features; rotate admin creds.
• Monitor for suspicious iked crashes, unexpected processes and config changes.
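As an added example, not code or log output from WatchGuard or from the original post: a small triage script that applies the last bullet's monitoring advice to a constructed syslog export. It flags a tight cluster of iked crash/restart cycles (the pattern a memory-corruption bug in a daemon tends to leave) and any config change whose source address is outside an assumed allowlist of admin hosts, which is the audit side of the second bullet. Every timestamp, hostname, address, process name suffix and message layout here is constructed; the two regexes are assumptions about a generic syslog shape and have to be adapted to the real Firebox log format before use.

```python
"""Triage firewall syslog for iked crash bursts and config changes.

Added example, not WatchGuard's own tooling, log format or field names.
The sample lines below are CONSTRUCTED in a generic syslog shape so the
script runs offline; adapt CRASH_RE / CONFIG_RE to the real export format
of your Firebox before relying on it.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample export (assumed layout: "<ISO time> <host> <proc>: <msg>").
SAMPLE_LOG = """\
2025-11-12T08:00:01Z fw01 iked[1822]: IKEv2 SA established peer=203.0.113.7
2025-11-12T08:03:14Z fw01 kernel: iked[1822]: segfault (core dumped)
2025-11-12T08:03:15Z fw01 init: restarting iked (pid 1901)
2025-11-12T08:03:22Z fw01 kernel: iked[1901]: segfault (core dumped)
2025-11-12T08:03:23Z fw01 init: restarting iked (pid 1944)
2025-11-12T08:03:30Z fw01 kernel: iked[1944]: segfault (core dumped)
2025-11-12T08:03:31Z fw01 init: restarting iked (pid 1990)
2025-11-12T08:05:02Z fw01 admin: config changed user=admin src=198.51.100.9 object=policy/allow-any
2025-11-12T08:05:40Z fw01 admin: config changed user=admin src=198.51.100.9 object=user/backup-admin
2025-11-13T02:11:09Z fw01 iked[1990]: IKEv2 SA established peer=203.0.113.9
"""

# Hosts from which admins are expected to change config (assumed jump host).
TRUSTED_ADMIN_HOSTS = {"192.0.2.10"}

# Assumed message shapes; replace with the fields your device actually emits.
CRASH_RE = re.compile(r"^(\S+) \S+ .*\biked\[\d+\]: segfault")
CONFIG_RE = re.compile(r"^(\S+) \S+ .*config changed user=(\S+) src=(\S+) object=(\S+)")


@dataclass(frozen=True)
class Alert:
    kind: str
    when: datetime
    detail: str


def parse_ts(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def find_crash_bursts(lines, threshold=3, window_s=300):
    """Flag `threshold` or more iked crashes inside any `window_s` window.

    A single crash can be noise; a cluster of crash/restart cycles is the
    signal worth paging on. One alert is raised per burst, not per crash.
    """
    times = sorted(parse_ts(m.group(1)) for line in lines if (m := CRASH_RE.match(line)))
    alerts, start, in_burst = [], 0, False
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_s:  # slide window start forward
            start += 1
        count = end - start + 1
        if count >= threshold and not in_burst:
            alerts.append(Alert("iked_crash_burst", t, f"{count} iked crashes within {window_s}s"))
            in_burst = True
        elif count < threshold:
            in_burst = False
    return alerts


def find_untrusted_config_changes(lines, trusted_hosts=TRUSTED_ADMIN_HOSTS):
    """Flag config changes whose source address is not a known admin host."""
    alerts = []
    for line in lines:
        m = CONFIG_RE.match(line)
        if m and m.group(3) not in trusted_hosts:
            stamp, user, src, obj = m.groups()
            alerts.append(Alert("config_change_untrusted_src", parse_ts(stamp),
                                f"user={user} src={src} object={obj}"))
    return alerts


def triage(log_text: str, trusted_hosts=TRUSTED_ADMIN_HOSTS):
    """Run both checks over a raw log export and return alerts in time order."""
    lines = log_text.splitlines()
    found = find_crash_bursts(lines) + find_untrusted_config_changes(lines, trusted_hosts)
    return sorted(found, key=lambda a: a.when)


if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(f"{a.when:%Y-%m-%d %H:%M:%S}  {a.kind:<28} {a.detail}")
```

Run against the constructed sample it raises one crash-burst alert for the three segfaults inside sixteen seconds and two config-change alerts for the edits made from an address that is not on the allowlist; add the real admin jump host to `TRUSTED_ADMIN_HOSTS` and only the crash burst remains. Feeding it the genuine export will first require fixing the two regexes to the device's own message format.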
If your firewall is on the naughty list, fix it before attackers write their own rules for your network.