The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a critical vulnerability in WatchGuard Firebox security appliances identified as CVE-2025-9242. This out-of-bounds write vulnerability exists within the OS iked process, enabling remote, unauthenticated attackers to potentially execute arbitrary code on the device. The implications of this flaw are severe, as compromised devices could be leveraged to distribute malware, exfiltrate sensitive information, or breach organizational networks.
CISA has emphasized the urgency for organizations utilizing these appliances to implement vendor mitigation strategies immediately. Given the active threat environment and the critical nature of this vulnerability, there is a significant risk of exploitation. Although there is currently no confirmed use of this vulnerability in ransomware incidents, CISA warns that cybercriminals may target it at any moment. Organizations unable to apply mitigations should consider discontinuing the use of affected devices and adhere strictly to guidance to minimize risks associated with CVE-2025-9242.
👉 Pročitaj original: Cyber Security News
