
CISA Adds Critical WatchGuard Fireware OS Vulnerability (CVE-2025-14733) to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-14733, a critical out-of-bounds write vulnerability in WatchGuard Fireware OS, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, with a CVSS score of 9.3, affects WatchGuard Firebox firewalls and poses a significant risk due to its potential for remote code execution or denial-of-service attacks.

Out-of-bounds write vulnerabilities occur when software writes data past the end of an allocated buffer, often leading to memory corruption and arbitrary code execution. In the context of firewall software, successful exploitation could allow attackers to bypass security controls, exfiltrate data, or pivot to internal networks. CISA's inclusion of this vulnerability in the KEV catalog indicates a high risk of exploitation, though the source does not confirm active exploitation in the wild.

Federal agencies are required to apply patches according to CISA's binding operational directive, but all organizations using WatchGuard Firebox should prioritize remediation. Immediate action includes identifying affected devices, applying the latest security updates from WatchGuard, and monitoring for suspicious activity. The lack of specific details on affected versions or exploitation vectors in the source material underscores the importance of consulting WatchGuard's official advisories for comprehensive mitigation guidance.