WatchGuard 0-day Vulnerability Exploited in the Wild to Hijack Firewalls
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
An urgent security update has been released to fix a critical zero-day vulnerability in WatchGuard Firebox<\/a> firewalls. With warnings that hackers are already actively exploiting the flaw in the wild to take control of affected devices.<\/p>\n The vulnerability, tracked as\u00a0CVE-2025-14733, carries a critical severity score of\u00a09.3 out of 10. It allows a remote attacker to execute malicious code on the firewall <\/a>without needing a username or password.<\/p>\n The issue is described as an \u201cOut-of-bounds Write<\/a>\u201d vulnerability located in the\u00a0ike process, which handles VPN connections on the device.<\/p>\n Specifically, the flaw affects the Mobile User VPN and Branch Office VPN (when using IKEv2). It occurs when the system tries to process a connection request.<\/p>\n If an attacker sends a specially crafted request, they can corrupt the system\u2019s memory and hijack the firewall.<\/p>\n WatchGuard noted that even after deleting a\u00a0vulnerable VPN<\/a>\u00a0configuration, your device may remain at risk if a Branch Office VPN with a static gateway remains<\/span> active.<\/p>\n WatchGuard confirmed they have \u201cobserved threat actors actively attempting to exploit this vulnerability.\u201d To help administrators defend their networks, they released specific indicators of compromise (IoCs<\/a>).<\/p>\n Suspicious IP Addresses:<\/p>\nActive 0-Day Exploitation Detected<\/strong><\/h2>\n