Critical WatchGuard Firebox Vulnerability Exploited in Attacks
Tracked as CVE-2025-9242 (CVSS score of 9.3), the flaw leads to unauthenticated, remote code execution on vulnerable firewalls. The post Critical WatchGuard Firebox Vulnerability Exploited in Attacks appeared first on SecurityWeek.
A recent critical-severity vulnerability in WatchGuard Firebox firewalls has been exploited in the wild, the US cybersecurity agency CISA warns.
Powered by WatchGuard’s Fireware OS, the Firebox network security devices control all traffic to and from the internal network, and are designed to protect the environment from external threats.
In September, WatchGuard warned that a critical-severity out-of-bounds write bug in the Fireware OS iked process could be exploited for unauthenticated remote code execution.
Source: https://www.securityweek.com/critical-watchguard-firebox-vulnerability-exploited-in-attacks/
Related breach coverage
- WatchGuard Patches Firebox Zero-Day Exploited in the Wild2025-12-22
The critical-severity bug in the Fireware OS’s iked process leads to unauthenticated remote code execution. The post WatchGuard Patches Firebox Zero-Day Exploited in the Wild appeared first on SecurityWeek.
- Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day2025-11-21
CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager. The post Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day appeared first on SecurityWeek.
- Critical Langflow Vulnerability Exploited Hours After Public Disclosure2026-03-20
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution. The post Critical Langflow Vulnerability Exploited Hours After Public Disclosure appeared first on SecurityWeek.
- Critical Zyxel router flaw exposed devices to remote attacks2026-02-25
Zyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a critical remote code execution vulnerability, tracked as CVE-2025-13942 (CVSS score of 9.8), affecting more than a dozen router models. A command injection flaw in the UPnP feature of several Zyxel CPEs, Fiber ONTs, and […]