WatchGuard has disclosed a critical vulnerability, CVE-2025-9242 (CVSS 9.3), in WatchGuard Fireware that is being actively exploited. It affects over 54,000 Firebox devices worldwide and allows attackers to execute code without authentication, potentially disrupting network services.
Affected Systems
Firebox devices running Fireware OS 11.10.2–11.12.4_Update1, 12.0–12.11.3, and 2025.1
Security Risks
Successful exploitation of this flaw could allow attackers to take control of Firebox devices, interrupt VPN connections, and access sensitive network data, putting organizations at serious operational and security risk.
Recommended Actions
The National Cyber Security Authority (NCSA) recommends that users and system administrators:
Follow the WatchGuard Security Advisory and apply the recommended updates to reduce the risk of exploitation.
Before applying any updates or patches, ensure you have the latest backup that can be easily restored.
For further information and support, please contact the National Cyber Security Authority (NCSA) by email at rwcsirt@ncsa.gov.rw or by phone on 9009.