Critical WatchGuard 0-Day Vulnerability Exploited to Hijack Firewalls
A critical zero-day vulnerability, identified as CVE-2025-14733, has been discovered in WatchGuard Firebox firewalls, allowing remote attackers to execute arbitrary code without authentication. This flaw, rated 9.3 out of 10 in severity, resides in the ‘ike’ process responsible for handling VPN connections, and specifically affects Mobile User VPN and Branch Office VPN configurations that use IKEv2. By sending specially crafted requests, attackers can corrupt the process's memory, potentially gaining full control of the firewall.
WatchGuard has confirmed active exploitation of this vulnerability and has provided indicators of compromise (IoCs) to assist administrators in detecting potential attacks. These IoCs include specific suspicious IP addresses and signs such as large certificate payloads, extended certificate chains, and unexpected process crashes.
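The advisory's IoCs are log-level signals: peers on a published address list, unusually large certificate payloads or long certificate chains in IKEv2 exchanges, and crashes of the ‘ike’ process. The following Python triage script is an added example, not code from WatchGuard or from the article: it scans a batch of constructed, hypothetical syslog-style lines for those three signals and correlates them. The log format, the `cert_payload_bytes` and `chain_len` fields, the size thresholds, and the placeholder IP list are all assumptions; substitute the real IoC addresses from WatchGuard's advisory and your device's actual log export.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# PLACEHOLDER: the real suspicious addresses are in WatchGuard's advisory for
# CVE-2025-14733. RFC 5737 documentation addresses stand in for them here.
IOC_IPS = {"192.0.2.10", "198.51.100.77"}

# Assumed thresholds for "large certificate payload" / "extended chain".
MAX_CERT_BYTES = 16384
MAX_CHAIN_LEN = 4

# Constructed sample log lines in a hypothetical syslog-like layout
# (not real Fireware output): "<timestamp> <host> <process>: <message>".
SAMPLE_LOGS = """\
2025-12-17T08:01:12Z firebox ike: IKEv2 IKE_SA_INIT from 203.0.113.5
2025-12-17T08:01:13Z firebox ike: IKEv2 IKE_AUTH from 203.0.113.5 cert_payload_bytes=1432 chain_len=2
2025-12-17T08:03:40Z firebox ike: IKEv2 IKE_SA_INIT from 192.0.2.10
2025-12-17T08:03:41Z firebox ike: IKEv2 IKE_AUTH from 192.0.2.10 cert_payload_bytes=61440 chain_len=9
2025-12-17T08:03:42Z firebox kernel: process ike (pid 1183) crashed, signal 11
2025-12-17T08:03:45Z firebox init: restarting ike
2025-12-17T08:10:02Z firebox ike: IKEv2 IKE_SA_INIT from 198.51.100.77
2025-12-17T08:10:03Z firebox kernel: process ike (pid 1207) crashed, signal 6
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[\w-]+): (?P<msg>.*)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CRASH_RE = re.compile(r"process ike \(pid (?P<pid>\d+)\) crashed")
CERT_RE = re.compile(r"cert_payload_bytes=(?P<nbytes>\d+) chain_len=(?P<chain>\d+)")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into timestamp, host, process and message."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_ike_crashes(lines: List[str]) -> List[Dict]:
    """Unexpected terminations of the ike process (memory corruption symptom)."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        m = CRASH_RE.search(rec["msg"])
        if m:
            hits.append({"ts": rec["ts"], "pid": int(m.group("pid"))})
    return hits


def find_ioc_peers(lines: List[str], ioc_ips) -> Counter:
    """Count log events that mention a peer on the IoC address list."""
    hits: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for ip in IP_RE.findall(rec["msg"]):
            if ip in ioc_ips:
                hits[ip] += 1
    return hits


def find_oversized_certs(lines: List[str]) -> List[Dict]:
    """IKE_AUTH events whose certificate payload or chain exceeds the thresholds."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proc"] != "ike":
            continue
        m = CERT_RE.search(rec["msg"])
        if not m:
            continue
        nbytes, chain = int(m.group("nbytes")), int(m.group("chain"))
        if nbytes > MAX_CERT_BYTES or chain > MAX_CHAIN_LEN:
            peer = IP_RE.search(rec["msg"])
            hits.append({"ts": rec["ts"], "peer": peer.group(0) if peer else None,
                         "cert_bytes": nbytes, "chain_len": chain})
    return hits


def triage(text: str, ioc_ips=IOC_IPS) -> Dict:
    """Correlate the three signals; a crash plus either other signal is escalated."""
    lines = text.splitlines()
    crashes = find_ike_crashes(lines)
    peers = find_ioc_peers(lines, ioc_ips)
    certs = find_oversized_certs(lines)
    return {
        "ike_crashes": crashes,
        "ioc_peers": dict(peers),
        "oversized_certs": certs,
        "suspected_compromise": bool(crashes and (peers or certs)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
```

An ike crash on its own can be a benign bug, and a peer on the IoC list that never reaches IKE_AUTH may just be a scanner, so the script only escalates when a crash coincides with one of the other indicators; a positive result is the trigger for the upgrade and secret-rotation steps described below, not proof of compromise by itself.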
To mitigate this threat, WatchGuard has released software updates addressing the vulnerability. Administrators are urged to upgrade to the latest Fireware OS versions immediately. Where a device may already have been compromised, it is recommended to rotate all shared secrets stored on it, since an attacker with code execution on the firewall could have read them, to prevent continued unauthorized access.