Seattle-based WatchGuard Technologies, a global cybersecurity company, has been sounding the alarm. They recently discovered two critical remote code execution vulnerabilities in their Fireware OS that pose a severe threat to users’ systems. These vulnerabilities are tracked as CVE-2025-14733 and CVE-2025-9242. Each of them carries a Common Vulnerability Scoring System (CVSS) score of 9.3, designating them as extremely severe. Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) has marked them as critical vulnerabilities, calling for immediate action by affected device owners.
CVE-2025-14733 is an out-of-bounds write vulnerability that impacts the iked process on Fireware OS. This security flaw has the potential to permit a remote unauthorized attacker to run arbitrary code on vulnerable systems. Consequently, it can result in data breaches or system compromises. WatchGuard has recently added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Users need to act quickly to protect their systems.
Exploit Dynamics and Impact
The implications of CVE-2025-14733 are particularly concerning. During a successful exploit, the iked process will hang, causing drops in Virtual Private Network (VPN) connections. Even the exploits that succeed cause crashes in the iked process. These crashes create fault reports on the Firebox and can hinder an organization’s operational capabilities.
Alongside CVE-2025-14733, WatchGuard has identified another critical vulnerability: CVE-2025-9242. This vulnerability has an identical CVSS score of 9.3, is being actively exploited in the wild, and requires immediate remediation. The company is recommending that users stay alert and keep a constant watch on their systems to minimize the risk of exploitation.
Indicators of Compromise
To help device owners spot potential infections on their own, WatchGuard has published a number of IoCs (indicators of compromise). These IoCs can be valuable markers for quickly determining whether your WatchGuard Fireware OS instances have been compromised. Examples of notable IoCs are log messages that show unusual activity. For instance, a log stating “Received peer certificate chain is longer than 8. Reject this certificate chain” is a notable indicator. An IKE_AUTH request log message should trigger alarms if it contains a CERT payload size that is abnormally high. A size of more than 2000 bytes is an indication of a possible exploitation attempt.
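As an added example (not from WatchGuard or the original article), the following Python script scans exported iked log lines for the two indicators described above and groups the hits by peer address. The `CERT(sz=N)` field layout, the position of the peer address in the line, and the sample lines are assumptions constructed for illustration; adapt the patterns to your device's actual log format.

```python
import re
from collections import defaultdict

# Message text and size threshold exactly as quoted in the article.
CHAIN_MSG = ("Received peer certificate chain is longer than 8. "
             "Reject this certificate chain")
CERT_SIZE_LIMIT = 2000  # bytes

# ASSUMPTION: payload sizes are logged as NAME(sz=N).
CERT_RE = re.compile(r"\bCERT\(sz=(\d+)\)")
# ASSUMPTION: the first IPv4 address on a line is the remote peer.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_iked_log(lines):
    """Return {peer: [(line_no, reason), ...]} for lines matching either IoC."""
    hits = defaultdict(list)
    for no, line in enumerate(lines, 1):
        reasons = []
        if CHAIN_MSG in line:
            reasons.append("certificate chain longer than 8 rejected")
        if "IKE_AUTH request" in line:
            # A message can carry several CERT payloads; report the largest.
            big = [int(s) for s in CERT_RE.findall(line) if int(s) > CERT_SIZE_LIMIT]
            if big:
                reasons.append(f"IKE_AUTH CERT payload {max(big)} bytes")
        if reasons:
            m = IP_RE.search(line)
            hits[m.group(0) if m else "unknown"].extend((no, r) for r in reasons)
    return dict(hits)


# Constructed sample lines (not real device output).
SAMPLE = [
    '2025-12-19 10:00:01 iked (203.0.113.10<->198.51.100.5)"IKE_AUTH request" message has 4 payloads [ IDi(sz=12) CERT(sz=1184) AUTH(sz=264) SA(sz=44) ]',
    '2025-12-19 10:02:17 iked (192.0.2.77<->198.51.100.5)"IKE_AUTH request" message has 4 payloads [ IDi(sz=12) CERT(sz=3000) AUTH(sz=264) SA(sz=44) ]',
    '2025-12-19 10:02:17 iked (192.0.2.77<->198.51.100.5)Received peer certificate chain is longer than 8. Reject this certificate chain',
    '2025-12-19 10:05:40 iked (203.0.113.10<->198.51.100.5)IKE SA established',
]

if __name__ == "__main__":
    for peer, found in scan_iked_log(SAMPLE).items():
        for no, reason in found:
            print(f"{peer}: line {no}: {reason}")
```

A hit from this scan is a prompt to review the Firebox fault reports and VPN connection drops mentioned earlier, not proof of compromise on its own.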
WatchGuard’s proactive approach focuses on empowering users with the right tools to protect their systems against these vulnerabilities. By continuously tracking the given IoCs, organizations can proactively evaluate their security posture and identify suspicious activity before a serious compromise occurs.

