Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

WatchGuard Fireware OS Out-of-Bounds Write Vulnerability in VPN IKEv2 Allowing Arbitrary Code Execution

Vulnerability

An out-of-bounds write vulnerability has been identified in WatchGuard Fireware OS, potentially allowing remote, unauthenticated attackers to execute arbitrary code. This issue affects Fireware OS versions 11.10.2 prior to 11.12.4_Update1, 12.0 prior to 12.11.3, and 2025.1. The vulnerability arises in the iked process and impacts both Mobile User VPN and Branch Office VPN when configured with a dynamic gateway peer. Notably, devices may remain vulnerable even after deleting these VPN configurations if a Branch Office VPN to a static gateway peer is still active.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected device.

Remediation

Users can upgrade to Fireware OS 2025.1.1, 12.11.4, 12.5.13 (for T15 and T35 models), or 12.3.1_Update3 (for FIPS-certified releases). If an immediate upgrade is not possible, WatchGuard recommends following its guidelines for secure access to Branch Office VPNs that use IPSec and IKEv2 as a temporary workaround.
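As an added triage helper, not WatchGuard's code: the version ranges and fixed builds below are taken from this advisory, while the rule that a build at or above a listed fix on the same major.minor branch (the T15/T35 and FIPS builds sit inside the 12.x range) carries the fix is an assumption made here.

```python
import re
from typing import NamedTuple, Tuple


class FirewareVersion(NamedTuple):
    """Fireware OS build, e.g. '11.12.4_Update1' -> nums=(11, 12, 4), update=1."""
    nums: Tuple[int, ...]
    update: int


def parse_version(text: str) -> FirewareVersion:
    # Accepts '12.0', '12.11.3', '2025.1' and '_UpdateN' suffixed builds.
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_Update(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware OS version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))  # pad so '12.0' compares as 12.0.0
    return FirewareVersion(nums, int(m.group(2) or 0))


# Affected ranges from the advisory: [first affected, first fixed) per branch.
AFFECTED_RANGES = [
    ("11.10.2", "11.12.4_Update1"),
    ("12.0", "12.11.3"),
    ("2025.1", "2025.1.1"),
]

# Fixed builds named in the Remediation section.
FIXED_BUILDS = ["2025.1.1", "12.11.4", "12.5.13", "12.3.1_Update3"]


def is_affected(version: str) -> bool:
    v = parse_version(version)
    in_range = any(parse_version(lo) <= v < parse_version(hi)
                   for lo, hi in AFFECTED_RANGES)
    if not in_range:
        return False
    # Assumption: a build at or above a fixed build on the same major.minor
    # branch (e.g. 12.5.x for T15/T35, 12.3.1_UpdateN for FIPS) carries the fix.
    for fixed in map(parse_version, FIXED_BUILDS):
        if v.nums[:2] == fixed.nums[:2] and v >= fixed:
            return False
    return True


def is_exposed(version: str, dynamic_peer_vpn: bool, static_peer_bovpn: bool) -> bool:
    """Conservative exposure check per the advisory: the iked bug reaches Mobile User
    VPN and BOVPN with a dynamic gateway peer, and a device may stay vulnerable after
    those are removed if a BOVPN to a static gateway peer is still active."""
    return is_affected(version) and (dynamic_peer_vpn or static_peer_bovpn)


if __name__ == "__main__":
    for build in ["11.12.4", "11.12.4_Update1", "12.5.12", "12.5.13", "2025.1"]:
        print(build, "affected" if is_affected(build) else "not affected")
```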

Added: Sep 17, 2025, 8:19 AM
Updated: Nov 12, 2025, 3:38 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 8.7
remediation: 8.3
relevance: 0.5
threat: 9.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.