WatchGuard has disclosed a critical vulnerability (CVE-2025-14733, CVSS 9.3) affecting Fireware OS on Firebox appliances, with active exploitation reported. The issue can allow unauthenticated remote code execution, primarily impacting devices that use IKEv2 VPNs, and may persist even if IKEv2 was previously removed.
We are validating if this applies to your devices and will immediately patch to the latest fixed Fireware OS version. This may require we establish a maintenance window to do so. As such you may receive further follow up from our engineers to setup this window with you. If you'd like more information on the CVE please use the link below.
