OOB Write WatchGuard Fireware OS 11.10.2-12.11.3 Mobile/Branch VPN (IKEv2) RCE
CVE-2025-9242 Published on September 17, 2025
WatchGuard Firebox iked Out of Bounds Write Vulnerability
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.
Known Exploited Vulnerability
This WatchGuard Firebox Out-of-Bounds Write Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.
The following remediation steps are recommended / required by December 3, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2025-9242 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2025-9242
Want to know whenever a new CVE is published for Watchguard Fireware Os? stack.watch will email you.
Affected Versions
WatchGuard Fireware OS:- Version 12.0, <= 12.11.3 is affected.
- Version 11.10.2, <= 11.12.4+541730 is affected.
- Version 2025.0, <= 2025.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.