WatchGuard has identified a serious remote code execution vulnerability in Firebox firewalls, affecting certain Fireware OS versions. Attackers can exploit this flaw without user interaction, particularly if the firewalls are configured for IKEv2 VPN. The company urges immediate patching and offers workarounds for those unable to update.

Over 73,000 WatchGuard Firebox devices are vulnerable to a critical flaw that allows remote code execution without authentication. The issue affects devices running the Fireware OS, with many remaining unpatched despite the release of updates a month prior.

WatchGuard has issued security updates to fix a critical remote code execution vulnerability (CVE-2025-9242) in its Firebox firewalls, which could allow attackers to execute malicious code if the devices are configured to use IKEv2 VPN. While the vulnerability has not been exploited in the wild, administrators are urged to patch their devices due to the attractive target that firewalls present to threat actors. A temporary workaround is also available for those unable to apply the updates immediately.