CVE-2025-14733
Out-of-Bounds Write in WatchGuard Fireware VPN Enables RCE
Publication date: 2025-12-19
Last updated on: 2025-12-19
Assigner: WatchGuard Technologies, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| watchguard | fireware | From 11.10.2 (inc) to 12.5.15 (exc) |
| watchguard | firebox_t15 | * |
| watchguard | firebox_t35 | * |
| watchguard | fireware | From 11.10.2 (inc) to 12.11.6 (exc) |
| watchguard | firebox_m270 | * |
| watchguard | firebox_m290 | * |
| watchguard | firebox_m370 | * |
| watchguard | firebox_m390 | * |
| watchguard | firebox_m440 | * |
| watchguard | firebox_m4600 | * |
| watchguard | firebox_m470 | * |
| watchguard | firebox_m4800 | * |
| watchguard | firebox_m5600 | * |
| watchguard | firebox_m570 | * |
| watchguard | firebox_m5800 | * |
| watchguard | firebox_m590 | * |
| watchguard | firebox_m670 | * |
| watchguard | firebox_m690 | * |
| watchguard | firebox_nv5 | * |
| watchguard | firebox_t20 | * |
| watchguard | firebox_t25 | * |
| watchguard | firebox_t40 | * |
| watchguard | firebox_t45 | * |
| watchguard | firebox_t55 | * |
| watchguard | firebox_t70 | * |
| watchguard | firebox_t80 | * |
| watchguard | firebox_t85 | * |
| watchguard | fireboxcloud | * |
| watchguard | fireboxv | * |
| watchguard | fireware | From 2025.1 (inc) to 2025.1.4 (exc) |
| watchguard | firebox_t115-w | * |
| watchguard | firebox_t125 | * |
| watchguard | firebox_t125-w | * |
| watchguard | firebox_t145 | * |
| watchguard | firebox_t145-w | * |
| watchguard | firebox_t185 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds write (CWE-787) in WatchGuard Fireware OS that may allow a remote unauthenticated attacker to execute arbitrary code. It affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. The affected versions are Fireware OS 11.10.2 up to 11.12.4_Update1, 12.0 up to 12.11.5, and 2025.1 up to 2025.1.3.
How can this vulnerability impact me?
This vulnerability can allow a remote unauthenticated attacker to execute arbitrary code on the affected system, potentially leading to full compromise of the device running WatchGuard Fireware OS. This could result in unauthorized access, data theft, disruption of services, or further attacks within the network.