Critical out-of-bounds write vulnerability in WatchGuard Fireware OS affecting IKEv2 VPN services that allows unauthenticated remote code execution. This is actively exploited in the wild according to CISA KEV and affects security appliances that are inherently internet-facing by design.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-09-17
Added to CISA KEV: 2025-11-12 56 DAYS BETWEEN CVE AND KEV
CVE-2025-9242 is a critical out-of-bounds write vulnerability affecting WatchGuard Fireware OS, specifically the `iked` process responsible for IKEv2 VPN negotiations [1][8]. This vulnerability allows for unauthenticated remote code execution [11][10].
Here's a breakdown of what is known about its exploitation:
WatchGuard disclosed CVE-2025-9242 in a security bulletin on September 17 and rated the vulnerability with a critical-severity score of 9.3. The security problem is an out-of-bounds write in the Fireware OS ‘iked’ process, which handles IKEv2 VPN negotiations. The flaw can be exploited without authe…
CVE-2025-9242.These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a livin…
CISA Adds Three Known Exploited Vulnerabilities to Catalog · CVE-2025-9242 WatchGuard Firebox Out-of-Bounds Write Vulnerability · CVE-2025-12480 ...
CVE-2025-9242. WatchGuard Firebox Out-of-Bounds Write Vulnerability ... Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM- ...
September 17, 2025. CVE-2025-9242: Critical Unauthenticated Out-of-Bounds Write Vulnerability in WatchGuard Firebox.Additionally, devices should be continuously audited for potential weaknesses in internet-accessible services, and vulnerable services should be kept off the public internet where poss…