
Critical WatchGuard Fireware OS Vulnerability (CVE-2025-14733) Actively Exploited
WatchGuard has released patches for a critical vulnerability in its Fireware OS, tracked as CVE-2025-14733 with a CVSS score of 9.3. The flaw is an out-of-bounds write in the iked (IKE daemon) process that allows unauthenticated remote attackers to execute arbitrary code on affected systems. It specifically impacts the VPN solutions within Fireware OS.

The source message does not specify which versions of Fireware OS are affected, nor does it provide details on the specific targets of the ongoing attacks or the initial date of exploitation. The lack of specific version information makes it difficult for organizations to assess their exposure.

Given the critical nature of this vulnerability and its active exploitation in the wild, organizations using WatchGuard Fireware OS should prioritize patching affected systems immediately. Out-of-bounds write vulnerabilities are particularly dangerous because they can lead to remote code execution with elevated privileges. The fact that the flaw is in the IKE daemon suggests that attackers may be leveraging VPN exposures to gain access to internal networks.

This vulnerability underscores the continuing risk posed by VPN solutions exposed to the internet, and its active exploitation highlights the importance of timely patching and robust network segmentation. Without access to the original article for additional details, organizations should refer to WatchGuard's official advisories and apply the provided patches without delay.