CISA: ‘Critical’ WatchGuard Firebox Vulnerability Exploited In Attacks

The vulnerability in WatchGuard’s next-generation firewall ‘poses significant risks,’ the U.S. cybersecurity agency says.

A critical-severity vulnerability impacting customers of WatchGuard’s next-generation firewall, Firebox, has seen exploitation in cyberattacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed Friday.

The remote code execution flaw (tracked as CVE-2025-14733) was disclosed Thursday by WatchGuard in an advisory that referenced attempted exploitation by attackers.

[Related: 10 Major Cyberattacks And Data Breaches In 2025]

WatchGuard has “observed threat actors actively attempting to exploit this vulnerability in the wild,” the company said. The advisory did not specify whether the attempts had been successful in compromising Firebox devices.

However, CISA disclosed Friday that based on “evidence of active exploitation,” the agency has now added the flaw to its catalog of exploited vulnerabilities.

CISA said it is urging a quick response to the threat by setting a deadline of Dec. 26 for patching, which gives federal agencies just a week to remediate the issue.

This flaw impacts Fireware OS 11.10.2 (up to and including 11.12.4_Update1); version 12.0 (up to and including 12.11.5); and version 2025.1 (up to and including 2025.1.3), WatchGuard said in its advisory.

The out-of-bounds write vulnerability “may allow a remote unauthenticated attacker to execute arbitrary code,” the company said.

In a statement provided to CRN Friday, WatchGuard said an internal investigation had identified the vulnerability on Monday and a “patch was quickly made available” on Thursday.

The vulnerability has received a severity score of 9.3 out of 10.0, making it a “critical” issue.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA said in its advisory Friday.

While the order only applies to Federal Civilian Executive Branch agencies, CISA “strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [such] vulnerabilities as part of their vulnerability management practice,” CISA said.

In its statement provided to CRN, WatchGuard noted that the Firebox attacks are part of a “wider attack campaign against edge networking and exposed infrastructure from multiple vendors.”