Worrying WatchGuard VPN bug could let hackers hijack your devices - here's
how to stay safe
Date:
Mon, 20 Oct 2025 13:10:00 +0000
Description:
A WatchGuard VPN patch is already available - so make sure you apply it as soon as possible.
FULL STORY ======================================================================CVE-2025 -9242 allows unauthenticated remote code execution on WatchGuard Fireware devices Vulnerability affects VPN configurations using IKEv2 with dynamic gateway peers Businesses should patch affected versions and restrict internet access to essential devices only
WatchGuard Fireware, the operating system powering much of WatchGuards software, carried a critical severity vulnerability that allowed threat
actors to execute arbitrary code remotely and essentially take over compromised devices, the company has warned.
The vulnerability is tracked as CVE-2025-9242, and was given a severity score of 9.3/10 (critical). It is described as an out-of-bounds write vulnerability that allows unauthenticated entities to execute arbitrary code.
"This vulnerability affects both the mobile user VPN with IKEv2 and the
branch office VPN using IKEv2 when configured with a dynamic gateway peer, WatchGuard explained in a recent security advisory. Music to ransomware
gangs' ears
Versions 11.10.2 to 11.12.4_Update 1 were said to be affected, as well as versions 12.0 - 12.11.3 and 2025.1. FireGuard released patches, addressing
the flaw in these versions:
2025.1 - Fixed in 2025.1.1
12.x - Fixed in 12.11.4
12.3.1 (FIPS-certified release) - Fixed in 12.3.1_Update3 (B722811)
12.5.x (T15 & T35 models) - Fixed in 12.5.13)
11.x - Reached end-of-life
In their analysis of the flaw, security researchers watchTowr described it as having all the characteristics your friendly neighborhood ransomware gangs love to see - it was found in an internet-connected device, can be exploited without authentication, and allows for remote malicious code execution.
Ransomware operators love targeting firewalls and routers since these serve
as gateways for most internet traffic on a network.
They also focus on file servers and domain controllers, since encrypting them disrupts many users, as well as remote-access services like RDP, VPN gateways and exposed management ports of firewalls, backups, cloud storage and accounts, and network-attached storage (NAS).
To remain secure, businesses should limit internet access to only essential devices, keeping all others on the local network. They should also make sure all the software and hardware is updated, and that their employees are aware of the latest phishing and social engineering techniques.
Via The Hacker News
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. You might also like Around 50,000 Cisco firewalls are vulnerable to attack, so patch now Take a look at our guide to the best authenticator app We've
rounded up the best password managers
======================================================================
Link to news story:
https://www.techradar.com/pro/security/researchers-uncover-watchguard-vpn-bug- that-could-let-attackers-take-over-devices
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)