virus logo Threat Signal Report

WatchGuard Fireware OS IKEv2 Out-of-Bounds Vulnerability

What is the Vulnerability?

A critical Out-of-Bounds Write vulnerability (CVE-2025-9242) exists in the WatchGuard Fireware OS iked process, which handles IKEv2 VPN connections. The flaw allows a remote, unauthenticated attacker to execute arbitrary code on affected devices.

The vulnerability impacts both:
- Mobile user VPNs using IKEv2, and
- Branch Office VPNs using IKEv2 when configured with a dynamic gateway peer.

WatchGuard has confirmed the issue is resolved in patched releases and has reported evidence of active exploitation in the wild. Additionally, public technical analysis and proof-of-concept reproduction of the flaw are available, increasing the likelihood of broader attacks.

What is the recommended Mitigation?

  • Install vendor patches on all affected Firebox appliances.

  • Rotate all locally stored secrets on vulnerable appliances (WatchGuard recommends rotating secrets due to evidence of exploitation) - passwords, shared keys, certificates stored on the Firebox,

What FortiGuard Coverage is available?

  • Intrusion Prevention System (IPS): FortiGuard IPS Service is available to detect and block exploit attempts targeting CVE-2025-9242. Intrusion Prevention | FortiGuard Labs

  • Incident Response Service: The FortiGuard Incident Response team is available to assist with any suspected compromise.

Additional Resources

Watchtowr Labs
Watchguard


Released Date Nov 05, 2025
Tags Threat Signal Vulnerability
CVE ID

Experienced a Breach? We're here to help

FortiGuard Incident Response Services
FortiGuard Incident Response Services
About FortiGuard Threat Signal

Learn More »