LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE  /  CVE-2025-14733

CVE-2025-14733

WatchGuard Firebox Out of Bounds Write Vulnerability

CVSS 9.8 · CRITICAL ⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog

Confirmed exploited in the wild. Added 2025-12-19. Federal remediation due 2025-12-26.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Summary

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.

CVSS 3.1 breakdown

Base score9.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
IntegrityHIGH
AvailabilityHIGH

Weakness type (CWE)

Affected products

Watchguard firewareWatchguard firebox t15Watchguard firebox t35Watchguard firebox m270Watchguard firebox m290Watchguard firebox m370Watchguard firebox m390Watchguard firebox m440Watchguard firebox m4600Watchguard firebox m470Watchguard firebox m4800Watchguard firebox m5600Watchguard firebox m570Watchguard firebox m5800Watchguard firebox m590Watchguard firebox m670Watchguard firebox m690Watchguard firebox nv5Watchguard firebox t20Watchguard firebox t25
Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2025-12-23. Always verify against the vendor advisory before acting.

Scroll to Top