9.8
CVE-2025-14733
- EPSS 18.05%
- Veröffentlicht 19.12.2025 00:01:55
- Zuletzt bearbeitet 23.12.2025 11:34:46
- Quelle 5d1c2695-1a31-4499-88ae-e84703
- CVE-Watchlists
- Unerledigt
LoginWatchGuard Firebox iked Out of Bounds Write Vulnerability
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Watchguard ≫ Fireware Version >= 11.10.2 < 12.5.15
Watchguard ≫ Fireware Version >= 11.10.2 < 12.11.6
Watchguard ≫ Firebox M270
Watchguard ≫ Firebox M290
Watchguard ≫ Firebox M370
Watchguard ≫ Firebox M390
Watchguard ≫ Firebox M440
Watchguard ≫ Firebox M4600
Watchguard ≫ Firebox M470
Watchguard ≫ Firebox M4800
Watchguard ≫ Firebox M5600
Watchguard ≫ Firebox M570
Watchguard ≫ Firebox M5800
Watchguard ≫ Firebox M590
Watchguard ≫ Firebox M670
Watchguard ≫ Firebox M690
Watchguard ≫ Firebox Nv5
Watchguard ≫ Firebox T20
Watchguard ≫ Firebox T25
Watchguard ≫ Firebox T40
Watchguard ≫ Firebox T45
Watchguard ≫ Firebox T55
Watchguard ≫ Firebox T70
Watchguard ≫ Firebox T80
Watchguard ≫ Firebox T85
Watchguard ≫ Fireboxcloud
Watchguard ≫ Fireboxv
Watchguard ≫ Firebox M290
Watchguard ≫ Firebox M370
Watchguard ≫ Firebox M390
Watchguard ≫ Firebox M440
Watchguard ≫ Firebox M4600
Watchguard ≫ Firebox M470
Watchguard ≫ Firebox M4800
Watchguard ≫ Firebox M5600
Watchguard ≫ Firebox M570
Watchguard ≫ Firebox M5800
Watchguard ≫ Firebox M590
Watchguard ≫ Firebox M670
Watchguard ≫ Firebox M690
Watchguard ≫ Firebox Nv5
Watchguard ≫ Firebox T20
Watchguard ≫ Firebox T25
Watchguard ≫ Firebox T40
Watchguard ≫ Firebox T45
Watchguard ≫ Firebox T55
Watchguard ≫ Firebox T70
Watchguard ≫ Firebox T80
Watchguard ≫ Firebox T85
Watchguard ≫ Fireboxcloud
Watchguard ≫ Fireboxv
Watchguard ≫ Fireware Version >= 2025.1 < 2025.1.4
19.12.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
WatchGuard Firebox Out of Bounds Write Vulnerability
SchwachstelleWatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 18.05% | 0.968 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14733