Critical vulnerability in Firebox firewalls: WatchGuard recommends prompt update
Attackers can target certain firewall models from WatchGuard's Firebox series. A security patch is available.
Due to a "critical" security vulnerability, attacks on some firewalls from the manufacturer WatchGuard are possible. Even though, according to the manufacturer, there are no indications of attacks yet, it recommends updating promptly.
Malicious code attack possible
In a security advisory, WatchGuard lists the vulnerable Firebox models, including the T15, T70, and M4800. According to the advisory, instances are only vulnerable if they are configured with Mobile User VPN with IKEv2 and Branch Office VPN with IKEv2 and Dynamic Gateway Peer. Apparently, devices are also vulnerable if this configuration existed in the past but has since been deleted.
If this is the case, attackers can, according to the description, exploit the vulnerability (CVE-2025-9242, rated "critical") remotely and without authentication. Exploitation causes an out-of-bounds memory error, which allows attackers to execute malicious code. Given the classification of the vulnerability, affected systems must then be considered completely compromised. How attacks could proceed in detail is not yet known.
Securing instances
To prevent attacks, administrators must install one of the patched versions of Fireware OS:
- 12.3.1_Update3 (B722811)
- 12.5.13
- 12.11.4
- 2025.1.1
The developers point out that support for Fireware OS 11.x has expired and that this version branch will no longer receive security patches. Administrators still running it must upgrade to a version that is still supported. If administrators are unable to install the security patch immediately, the manufacturer recommends securing the system with a temporary workaround.
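As an added example (not code from the article or from WatchGuard), the following script turns the list of patched Fireware OS releases above into a check an administrator can run against an inventory of installed version strings. It assumes that each patched release fixes the branch identified by its major.minor prefix, that a `_UpdateN` suffix sorts after the plain release of the same number, and that anything on 11.x or older is out of support; the inventory entries are constructed sample values. Branches not named in the advisory are reported as "unlisted" rather than guessed at.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Patched Fireware OS releases named in the WatchGuard advisory (as quoted in
# the article), keyed by the major.minor branch they fix. Mapping a release to
# a branch this way is an assumption made for this check.
FIXED_VERSIONS = {
    "12.3": "12.3.1_Update3",
    "12.5": "12.5.13",
    "12.11": "12.11.4",
    "2025.1": "2025.1.1",
}

# Accepts "12.5.13", "12.3.1_Update3" and "12.3.1_Update3 (B722811)".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_Update(\d+))?(?:\s*\(B\d+\))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn a Fireware version string into a comparable (major, minor, patch, update) tuple.

    A plain release gets update level 0, so "12.3.1" sorts before "12.3.1_Update3".
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version string: {text!r}")
    major, minor, patch, update = m.groups()
    return (int(major), int(minor), int(patch), int(update or 0))


class Assessment(NamedTuple):
    status: str            # "patched", "vulnerable", "unsupported" or "unlisted"
    target: Optional[str]  # the release to move to, when the advisory names one


def assess(installed: str) -> Assessment:
    """Classify one installed version against the patched releases."""
    v = parse_version(installed)
    branch = f"{v[0]}.{v[1]}"
    if v[0] <= 11:
        # 11.x and older no longer receive security patches: upgrade to a supported branch.
        return Assessment("unsupported", None)
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # Branch not named in the advisory; do not guess, check the vendor advisory.
        return Assessment("unlisted", None)
    if v >= parse_version(fixed):
        return Assessment("patched", fixed)
    return Assessment("vulnerable", fixed)


def assess_inventory(inventory: dict) -> dict:
    """Run assess() over a {hostname: version} mapping and return {hostname: Assessment}."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {
        "fw-branch-01": "12.5.12",
        "fw-branch-02": "12.5.13",
        "fw-hq-01": "12.11.3",
        "fw-legacy": "11.12.4",
        "fw-lab": "12.3.1",
        "fw-lab-patched": "12.3.1_Update3 (B722811)",
        "fw-new": "2025.1.0",
    }
    for host, result in assess_inventory(sample).items():
        action = f"update to {result.target}" if result.status == "vulnerable" else ""
        print(f"{host:16} {sample[host]:26} {result.status:12} {action}")
```

Note that this check covers only the version side of the remediation. Whether the vulnerable IKEv2 configuration is present, or was present in the past, cannot be established from the version string, so a device on a patched release is the only state the script reports as safe.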
(des)