Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-9242
Analyzed
More InfoOfficial Page
Source-5d1c2695-1a31-4499-88ae-e847036fd7e3
View Known Exploited Vulnerability (KEV) details
Published At-17 Sep, 2025 | 08:15
Updated At-14 Nov, 2025 | 02:00

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2025-11-122025-12-03WatchGuard Firebox Out-of-Bounds Write VulnerabilityApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Date Added: 2025-11-12
Due Date: 2025-12-03
Vulnerability Name: WatchGuard Firebox Out-of-Bounds Write Vulnerability
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
WatchGuard Technologies, Inc.
watchguard
>>fireware>>Versions from 11.10.2(inclusive) to 12.11.4(exclusive)
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m270>>*
cpe:2.3:h:watchguard:firebox_m270:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m290>>*
cpe:2.3:h:watchguard:firebox_m290:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m370>>*
cpe:2.3:h:watchguard:firebox_m370:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m390>>*
cpe:2.3:h:watchguard:firebox_m390:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m440>>*
cpe:2.3:h:watchguard:firebox_m440:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m4600>>*
cpe:2.3:h:watchguard:firebox_m4600:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m470>>*
cpe:2.3:h:watchguard:firebox_m470:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m4800>>*
cpe:2.3:h:watchguard:firebox_m4800:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m5600>>*
cpe:2.3:h:watchguard:firebox_m5600:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m570>>*
cpe:2.3:h:watchguard:firebox_m570:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m5800>>*
cpe:2.3:h:watchguard:firebox_m5800:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m590>>*
cpe:2.3:h:watchguard:firebox_m590:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m670>>*
cpe:2.3:h:watchguard:firebox_m670:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_m690>>*
cpe:2.3:h:watchguard:firebox_m690:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_nv5>>*
cpe:2.3:h:watchguard:firebox_nv5:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t20>>*
cpe:2.3:h:watchguard:firebox_t20:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t25>>*
cpe:2.3:h:watchguard:firebox_t25:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t40>>*
cpe:2.3:h:watchguard:firebox_t40:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t45>>*
cpe:2.3:h:watchguard:firebox_t45:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t55>>*
cpe:2.3:h:watchguard:firebox_t55:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t70>>*
cpe:2.3:h:watchguard:firebox_t70:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t80>>*
cpe:2.3:h:watchguard:firebox_t80:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t85>>*
cpe:2.3:h:watchguard:firebox_t85:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>fireboxcloud>>*
cpe:2.3:h:watchguard:fireboxcloud:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>fireboxv>>*
cpe:2.3:h:watchguard:fireboxv:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>fireware>>Versions from 11.10.2(inclusive) to 12.5.13(exclusive)
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t15>>*
cpe:2.3:h:watchguard:firebox_t15:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t35>>*
cpe:2.3:h:watchguard:firebox_t35:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>fireware>>2025.1
cpe:2.3:o:watchguard:fireware:2025.1:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t115-w>>*
cpe:2.3:h:watchguard:firebox_t115-w:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t125>>*
cpe:2.3:h:watchguard:firebox_t125:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t125-w>>*
cpe:2.3:h:watchguard:firebox_t125-w:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t145>>*
cpe:2.3:h:watchguard:firebox_t145:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t145-w>>*
cpe:2.3:h:watchguard:firebox_t145-w:*:*:*:*:*:*:*:*
WatchGuard Technologies, Inc.
watchguard
>>firebox_t185>>*
cpe:2.3:h:watchguard:firebox_t185:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondary5d1c2695-1a31-4499-88ae-e847036fd7e3
CWE ID: CWE-787
Type: Secondary
Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-000155d1c2695-1a31-4499-88ae-e847036fd7e3
Vendor Advisory
https://github.com/watchtowrlabs/watchTowr-vs-WatchGuard-CVE-2025-9242/blob/main/watchTowr-vs-WatchGuard-CVE-2025-9242.py134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-9242134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3
Resource:
Vendor Advisory
Hyperlink: https://github.com/watchtowrlabs/watchTowr-vs-WatchGuard-CVE-2025-9242/blob/main/watchTowr-vs-WatchGuard-CVE-2025-9242.py
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-9242
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource
Change History
0Changes found
Details not found