A serious security vulnerability has been discovered in WatchGuard Firebox firewalls that are widely used by businesses and organizations worldwide. The flaw is classified as critical because it allows attackers to remotely execute malicious code on affected devices. This means hackers can take control of a firewall without needing login credentials. Security researchers warn that this issue poses a high risk to exposed networks.
The vulnerability is identified as CVE-2025-14733 and affects WatchGuard’s Fireware operating system. It exists due to improper handling of network requests in certain firewall components. If exploited, attackers can run their own commands on the device remotely. This level of access can fully compromise the security role of the firewall.
Recent internet scans show that more than 115,000 WatchGuard firewalls are currently exposed online and remain unpatched. These devices are directly reachable from the internet, making them easy targets for attackers. Many of the affected firewalls are used by small and medium-sized organizations. This large number significantly increases the potential impact of the flaw.
The vulnerability is mainly linked to the IKEv2 VPN service used by WatchGuard Firebox devices. IKEv2 is commonly enabled to allow secure remote access for employees. Attackers can exploit the flaw by sending specially crafted network traffic to the firewall. No user interaction or authentication is required for the attack to succeed.
One concerning detail is that devices may remain vulnerable even if IKEv2 settings were removed later. Firewalls that were previously configured with IKEv2 VPN may still be exposed. This makes the issue harder to detect, and harder to fix without applying the updates. Administrators may wrongly believe they are safe when they are not.
Security experts and WatchGuard have confirmed that this vulnerability is actively being exploited in real-world attacks. Hackers are scanning the internet to identify vulnerable firewalls. Once compromised, attackers can spy on network traffic, steal data, or move deeper into internal systems. This turns the firewall from a defense tool into an attack entry point.
Due to active exploitation, the vulnerability has been added to the Known Exploited Vulnerabilities list maintained by government cybersecurity authorities. Inclusion in this list signals that the threat is both real and urgent. Organizations are strongly advised to act immediately. Delays in fixing the issue can result in severe security breaches.
WatchGuard has released software updates that fully address the vulnerability. The company urges all users to install the latest Fireware updates without delay. For those unable to patch immediately, disabling or restricting IKEv2 access is recommended as a temporary measure. Keeping firewalls updated remains the most effective defense against such attacks.
Stay alert, and keep your security measures updated!