WatchGuard Fireware OS IKEv2 Out-of-Bounds Vulnerability

Blog

Byadmblake November 6, 2025

What is the Vulnerability? A critical Out-of-Bounds Write vulnerability (CVE-2025-9242) exists in the WatchGuard Fireware OS iked process, which handles IKEv2 VPN connections. The flaw allows a remote, unauthenticated attacker to execute arbitrary code on affected devices. The vulnerability impacts both: – Mobile user VPNs using IKEv2, and – Branch Office VPNs using IKEv2 when…

What is the Vulnerability?

A critical Out-of-Bounds Write vulnerability (CVE-2025-9242) exists in the WatchGuard Fireware OS iked process, which handles IKEv2 VPN connections. The flaw allows a remote, unauthenticated attacker to execute arbitrary code on affected devices.

The vulnerability impacts both:

– Mobile user VPNs using IKEv2, and

– Branch Office VPNs using IKEv2 when configured with a dynamic gateway peer.

WatchGuard has confirmed the issue is resolved in patched releases and has reported evidence of active exploitation in the wild. Additionally, public technical analysis and proof-of-concept reproduction of the flaw are available, increasing the likelihood of broader attacks.

What is the recommended Mitigation?

Install vendor patches on all affected Firebox appliances.
Rotate all locally stored secrets on vulnerable appliances (WatchGuard recommends rotating secrets due to evidence of exploitation) – passwords, shared keys, certificates stored on the Firebox,

What FortiGuard Coverage is available?

Intrusion Prevention System (IPS): FortiGuard IPS Service is available to detect and block exploit attempts targeting CVE-2025-9242.
Incident Response Service: The FortiGuard Incident Response team is available to assist with any suspected compromise.

Blog

Scattered Spider’s ‘King Bob’ Pleads Guilty to Cyber Charges

The 20-year-old was arrested in January 2024 alongside four other group members who carried out related cybercriminal acts, earning them similar charges.

Read More Scattered Spider’s ‘King Bob’ Pleads Guilty to Cyber Charges
Blog

Securing the Cloud in an Age of Escalating Cyber Threats

As threats intensify and cloud adoption expands, organizations must leave outdated security models behind.

Read More Securing the Cloud in an Age of Escalating Cyber Threats
Blog

Qakbot Resurfaces in Fresh Wave of ClickFix Attacks

Attackers post links to fake websites on LinkedIn to ask people to complete malicious CAPTCHA challenges that install malware.

Read More Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
Blog

Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide

Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers’ most prized attack tools, with massive takedowns.

Read More Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide
Blog

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image. “Apple is aware of a…

Read More Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Blog

Tailing Hackers, Columbia University Uses Logging to Improve Security

Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia’s research labs.

Read More Tailing Hackers, Columbia University Uses Logging to Improve Security

Related