Arctic Wolf Security Bulletin

CVE-2025-9242: Critical Unauthenticated Out-of-Bounds Write Vulnerability in WatchGuard Firebox


On 17 September 2025, WatchGuard released fixes for a critical out-of-bounds write vulnerability (CVE-2025-9242) in the iked process of WatchGuard Fireware OS, which powers their Firebox firewall appliances. This flaw allows a remote unauthenticated threat actor to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN with IKEv2 when configured with a dynamic gateway peer. 

Arctic Wolf has not observed exploitation of CVE-2025-9242 in the wild, nor identified a publicly available proof of concept. However, this vulnerability remains an attractive target for threat actors, as firewalls are high-value assets. For example, Arctic Wolf recently observed ransomware activity targeting SonicWall firewall devices for initial access. Two other WatchGuard Firebox vulnerabilities were also exploited in 2022.

Recommendation for CVE-2025-9242

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version. 

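Product                Affected Version                  Fixed Version
---------------------  --------------------------------  ------------------------
Firebox (Fireware OS)  2025.1                            2025.1.1
Firebox (Fireware OS)  12.x                              12.11.4
Firebox (Fireware OS)  12.5.x (T15 & T35 models)         12.5.13
Firebox (Fireware OS)  12.3.1 (FIPS-certified release)   12.3.1_Update3 (B722811)
Firebox (Fireware OS)  11.x                              End of Life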

Note: A Firebox may still be vulnerable if a branch office VPN to a static gateway remains configured, even if mobile user VPNs with IKEv2 or branch office VPNs to dynamic gateways have been deleted. 

Please follow your organisation’s patching and testing guidelines to minimise potential operational impact. 
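
To triage a device inventory against the table above, the following added example (not Arctic Wolf's or WatchGuard's code) maps a reported Fireware OS version to the fixed release for its branch. The function names, the `model` and `fips` parameters and the sample inventory are assumptions, and it assumes that releases numbered at or above a branch's fixed version contain the fix; it checks the version only, not the VPN configuration.

```python
import re

# Fixed releases per branch, copied from the bulletin's table.
FIXED_2025 = (2025, 1, 1)
FIXED_12 = (12, 11, 4)
FIXED_12_5 = (12, 5, 13)                 # 12.5.x branch, T15 & T35 models
FIPS_BASE, FIPS_UPDATE = (12, 3, 1), 3   # 12.3.1_Update3
SMALL_MODELS = {"T15", "T35"}

def parse(version):
    """Split '12.3.1_Update2' into ((12, 3, 1), 2); update is 0 if absent."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_Update(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))       # pad '2025.1' to (2025, 1, 0)
    return nums, int(m.group(2) or 0)

def triage(version, model="", fips=False):
    """Return 'ok', 'end-of-life', 'unknown' or 'upgrade to <fixed version>'."""
    nums, update = parse(version)
    if nums[0] == 11:
        return "end-of-life"             # no fixed release listed for 11.x
    if nums[0] == 2025:
        target, ok = "2025.1.1", nums >= FIXED_2025
    elif nums[0] != 12:
        return "unknown"                 # branch not covered by the table
    elif fips and nums == FIPS_BASE:
        target, ok = "12.3.1_Update3", update >= FIPS_UPDATE
    elif model.upper() in SMALL_MODELS and nums[:2] == (12, 5):
        target, ok = "12.5.13", nums >= FIXED_12_5
    else:
        target, ok = "12.11.4", nums >= FIXED_12
    # 'ok' means at or above the fixed release (assumption stated above).
    return "ok" if ok else f"upgrade to {target}"

# Constructed inventory for illustration: (hostname, model, version, fips).
INVENTORY = [
    ("fw-hq", "M470", "12.11.3", False),
    ("fw-branch1", "T35", "12.5.12", False),
    ("fw-lab", "M470", "12.3.1_Update2", True),
    ("fw-dr", "M470", "2025.1.1", False),
    ("fw-legacy", "M470", "11.12.4", False),
]

def report(inventory=INVENTORY):
    """Map each hostname to its triage result."""
    return {host: triage(ver, model, fips) for host, model, ver, fips in inventory}
```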

Workaround (Optional)

For users who are unable to immediately upgrade their Firebox, WatchGuard recommends following their guidance for Secure Access to Branch Office VPNs that Use IPSec and IKEv2 as a temporary workaround. This workaround is only applicable when the Firebox is configured solely with branch office VPN tunnels to static gateway peers. 
