Saved February 14, 2026
Do you care about this?
WatchGuard has disclosed a critical remote code execution vulnerability in its Firebox firewalls, affecting several Fireware OS versions. The flaw can be exploited remotely without authentication or user interaction on firewalls configured for IKEv2 VPN. The company urges immediate patching and offers a workaround for those unable to update right away.
If you do, here's more
WatchGuard has alerted users to a critical remote code execution (RCE) vulnerability, tracked as CVE-2025-14733, affecting its Firebox firewalls. The flaw impacts devices running Fireware OS versions 11.x, 12.x, and 2025.1. It stems from an out-of-bounds write that lets an unauthenticated remote attacker execute code on unpatched devices. Exploitation has already been observed in the wild against devices configured for IKEv2 VPN.
A Firebox is only vulnerable when it is configured for IKEv2 VPN, but deleting those IKEv2 configurations does not by itself remove the exposure: the device remains vulnerable if a branch office VPN (BOVPN) to a static gateway peer is still configured. For admins who cannot patch immediately, WatchGuard has provided a temporary workaround: disable dynamic peer BOVPNs, add firewall policies that permit VPN traffic only from the remaining static gateway peers, and disable the default policies that handle VPN traffic. The affected models span WatchGuard's T-series and M-series Fireboxes, with the vulnerable Fireware OS versions differing by model; check the vendor advisory for the exact list that applies to your hardware.
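Because exposure hinges on whether a Firebox still answers IKEv2 from the outside, the first thing to establish is which of your public addresses actually respond to an IKE_SA_INIT. The script below is an added example, not WatchGuard's tooling or anything from the advisory: it builds a minimal IKEv2 IKE_SA_INIT request (RFC 7296 framing, one AES-CBC/HMAC-SHA256/MODP-2048 proposal), sends it to UDP/500 (an assumption; adjust the port if you use NAT-T on 4500), and classifies the reply. A reply of any kind, including a NOTIFY rejecting the proposal, only shows that an IKEv2 responder is reachable; it does not determine whether the device is patched. The `sample_invalid_ke_response` helper is a constructed datagram for offline testing, not a captured packet. Probe only hosts you are authorized to test.

```python
"""Probe whether a host answers IKEv2 IKE_SA_INIT (added example, not vendor code)."""
import os
import socket
import struct
import sys

IKE_SA_INIT = 34          # exchange type, RFC 7296 section 3.1
IKEV2_VERSION = 0x20      # major 2, minor 0
FLAG_INITIATOR = 0x08
FLAG_RESPONSE = 0x20

# Payload types (RFC 7296 section 3.2) and transform IDs (section 3.3.2)
PL_NONE, PL_SA, PL_KE, PL_NONCE, PL_NOTIFY = 0, 33, 34, 40, 41
ENCR_AES_CBC, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_128, DH_MODP_2048 = 12, 5, 12, 14


def _payload(next_type, body):
    # Generic payload header: next payload, critical/reserved, total length
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body


def _transform(ttype, tid, last, attr=b""):
    # 0 = last transform, 3 = more transforms follow
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(attr), ttype, 0, tid) + attr


def build_sa_payload(next_type):
    # One proposal for protocol IKE (1) with four transforms; key length is a TV attribute
    keylen = struct.pack("!HH", 0x800E, 256)
    transforms = (_transform(1, ENCR_AES_CBC, False, keylen)
                  + _transform(2, PRF_HMAC_SHA2_256, False)
                  + _transform(3, AUTH_HMAC_SHA2_256_128, False)
                  + _transform(4, DH_MODP_2048, True))
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transforms), 1, 1, 0, 4) + transforms
    return _payload(next_type, proposal)


def build_ke_payload(next_type):
    # Random 2048-bit value with the top bit cleared so it is below the MODP-2048 prime;
    # the probe never completes the exchange, so no real DH secret is needed.
    ke = bytearray(os.urandom(256))
    ke[0] &= 0x7F
    return _payload(next_type, struct.pack("!HH", DH_MODP_2048, 0) + bytes(ke))


def build_ike_sa_init(spi_i=None):
    """Return a complete IKE_SA_INIT request datagram (SA, KE, Ni payloads)."""
    spi_i = spi_i or os.urandom(8)
    body = build_sa_payload(PL_KE) + build_ke_payload(PL_NONCE) + _payload(PL_NONE, os.urandom(32))
    hdr = struct.pack("!8s8sBBBBII", spi_i, b"\x00" * 8, PL_SA, IKEV2_VERSION,
                      IKE_SA_INIT, FLAG_INITIATOR, 0, 28 + len(body))
    return hdr + body


def parse_ike_header(data):
    if len(data) < 28:
        raise ValueError("short IKE header")
    spi_i, spi_r, first, ver, xchg, flags, msgid, length = struct.unpack("!8s8sBBBBII", data[:28])
    return {"spi_i": spi_i, "spi_r": spi_r, "first_payload": first, "version": ver,
            "exchange": xchg, "flags": flags, "msgid": msgid, "length": length}


def iter_payloads(data):
    """Yield (payload_type, body) for each payload, validating lengths as we go."""
    ptype, off = parse_ike_header(data)["first_payload"], 28
    while ptype != PL_NONE and off + 4 <= len(data):
        nxt, _, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > len(data):
            raise ValueError("bad payload length")
        yield ptype, data[off + 4:off + plen]
        ptype, off = nxt, off + plen


def classify_response(data):
    """Short verdict for a datagram received in reply to our IKE_SA_INIT."""
    hdr = parse_ike_header(data)
    if hdr["version"] >> 4 != 2 or hdr["exchange"] != IKE_SA_INIT or not hdr["flags"] & FLAG_RESPONSE:
        return "not an IKE_SA_INIT response"
    payloads = list(iter_payloads(data))
    if any(t == PL_SA for t, _ in payloads):
        return "ikev2 responder: accepted proposal"
    # Notify body: protocol ID (1), SPI size (1), notify type (2), then SPI/data
    notifies = [struct.unpack("!H", b[2:4])[0] for t, b in payloads if t == PL_NOTIFY and len(b) >= 4]
    if notifies:
        return "ikev2 responder: notify " + ",".join(str(n) for n in notifies)
    return "ikev2 responder: empty response"


def sample_invalid_ke_response(spi_i):
    """Constructed sample reply (not a capture): NOTIFY INVALID_KE_PAYLOAD (17) naming group 14."""
    notify = _payload(PL_NONE, struct.pack("!BBHH", 0, 0, 17, DH_MODP_2048))
    hdr = struct.pack("!8s8sBBBBII", spi_i, b"\x02" * 8, PL_NOTIFY, IKEV2_VERSION,
                      IKE_SA_INIT, FLAG_RESPONSE, 0, 28 + len(notify))
    return hdr + notify


def probe(host, port=500, timeout=3.0):
    """Send one IKE_SA_INIT and classify the reply; None means no answer before timeout."""
    req = build_ike_sa_init()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    if data[:8] != req[:8]:          # responders echo our initiator SPI
        return "reply with unexpected initiator SPI"
    return classify_response(data)


if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(target, probe(target) or "no IKEv2 reply")
```

Run it as `python probe.py <firebox-public-ip> ...` from outside your perimeter. Hosts reported as "no IKEv2 reply" may still run IKEv2 behind a filter, so treat a silent result as unconfirmed rather than safe, and treat any responder on an unpatched Fireware version as exposed regardless of which notify it returns.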
This vulnerability follows a similar one, CVE-2025-9242, which WatchGuard patched in September and which CISA later flagged as actively exploited. Over 75,000 Firebox firewalls were found vulnerable to that earlier flaw, primarily in North America and Europe. Organizations using these firewalls should patch, check the appliances for indicators of compromise, and rotate all locally stored secrets on affected devices, since a compromised firewall may have exposed them.