Major Security Flaw in WatchGuard Firewalls Threatens Networks

The Australian Cyber Security Centre (ACSC) has issued a Critical alert about a serious vulnerability in WatchGuard Firebox firewalls. This Out-of-Bounds Write flaw (CVE-2025-14733) in the Fireware OS allows unauthenticated remote code execution (RCE). In other words, attackers can run code on unpatched Firebox devices without any login credentials. The ACSC advises that all Australian organisations should review their networks for this issue.

Key Facts

  • Active Exploitation: ACSC confirms threat actors are actively exploiting this vulnerability.

  • Affected Devices: Firebox appliances running Fireware OS 11.10.2–11.12.4_Update1, 12.0–12.11.5, or 2025.1–2025.1.3 are vulnerable.

  • Unauthenticated RCE: CVE-2025-14733 requires no credentials. Successful exploitation grants full control of the firewall device.

  • Scope: Australian businesses of every size, from SMEs to large enterprises, that use WatchGuard firewalls must take notice.

Business Impact

  • Firewall Breach: Attackers use the firewall as an entry point to gain unauthorised access, which lets them evade the security measures the firewall enforces. This leaves the company's systems unsafe and exposed to attack.
  • Full System Control: Attackers use remote code execution (RCE) to take control of the firewall device itself. An attacker would likely be able to control the device completely, including removing its security controls and changing its configuration. With complete control, the attacker could also store confidential information from the organisation on the device.
  • Lateral Movement: Once attackers have gained unauthorised access through the firewall, they can typically move from one part of the network to another, and from one device to another. The attack can then spread beyond the firewall into multiple devices, increasing the overall damage.

Immediate Actions

  • Inventory: Identify any WatchGuard Firebox devices on your network. Check Fireware OS versions immediately against the affected list.

  • Patch: Download and install the patch WatchGuard has supplied for CVE-2025-14733, upgrading Fireware OS to close the vulnerability.

  • Monitor: Review firewall logs for signs of exploitation. WatchGuard’s advisory provides specific indicators (for example, unusual IKEv2 certificate chains or crashed iked processes) to detect attacks.

  • Validate: After patching, ensure the firewall is fully secured. For example, rotate any stored admin passwords or shared secrets on the device as recommended.
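
For the Inventory step, the following added example (not WatchGuard or ACSC tooling) checks Fireware OS version strings against the affected ranges listed under Key Facts. The hostnames, the sample inventory and the function names are assumptions made for illustration; a "not-listed" result only means the version falls outside the ranges quoted in this article and should still be confirmed against the vendor advisory.

```python
import re

# Affected Fireware OS ranges exactly as listed in this article (inclusive).
AFFECTED_RANGES = [
    ("11.10.2", "11.12.4_Update1"),
    ("12.0", "12.11.5"),
    ("2025.1", "2025.1.3"),
]
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+){1,2})(?:_Update(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch, update) or None if the string is not recognised."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))          # "12.0" -> 12.0.0
    return (*parts, int(m.group(2) or 0))    # no _UpdateN suffix -> update 0

def classify(version_text):
    """'affected', 'not-listed' (outside the article's ranges) or 'unknown' (unparseable)."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"                     # never treat an unreadable version as safe
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return "affected"
    return "not-listed"

def triage(inventory):
    """Map each (hostname, version) pair to a status; unknowns need a manual check."""
    return {host: classify(ver) for host, ver in inventory}

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("fw-syd-01", "12.11.5"),
    ("fw-mel-02", "11.12.4_Update1"),
    ("fw-bne-03", "2025.1.2"),
    ("fw-per-04", "11.10.1"),
    ("fw-adl-05", "12.11.5.B123456"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```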

How Protectera Can Help

At Protectera, we turn ACSC alerts into clear action plans. We can help you scan for vulnerable Firebox devices, verify that patches are correctly applied, and test for any remaining exposure. Our consultants work with your IT team to align defences with government guidance (such as the Essential Eight) and industry best practices. By acting now, we help your organisation respond before damage occurs.

Ready to get started? At Protectera, we guide businesses through every step of cybersecurity readiness. Speak with our experienced team today to learn how we can protect your network. Call us on 02 7227 5428 or book a free consultation. Also, follow us on LinkedIn for the latest updates.