
"In an advisory published this week, the network security vendor warned customers that attackers are exploiting CVE-2025-32978, a 9.3-rated vulnerability affecting Firebox firewalls. The bug allows unauthenticated attackers to execute arbitrary commands remotely, effectively handing over control of the firewall if the device is reachable over the internet. WatchGuard said the bug resides in the Fireware OS Internet Key Exchange (IKE) service and can be exploited remotely, without authentication, to execute arbitrary code on vulnerable Firebox devices."
"Firewalls and edge appliances have become a favorite target for attackers precisely because they sit at the boundary of enterprise networks and often run with high privileges. A successful exploit doesn't just compromise a single server; it can provide visibility into traffic, credentials, VPN connections, and downstream systems, all while hiding inside a box that many defenders implicitly trust."
A critical unauthenticated remote code execution vulnerability (CVE-2025-32978) affects WatchGuard Firebox firewalls and carries a 9.3 severity rating. The flaw resides in the Fireware OS Internet Key Exchange (IKE) service and allows remote execution of arbitrary commands when devices are reachable over the internet. The vulnerability impacts mobile user VPNs with IKEv2 and branch office VPNs using IKEv2 configured with dynamic gateway peers, and devices can remain vulnerable after certain configurations are deleted. Active exploitation has been observed and indicators of compromise were released. The immediate remediation is to apply the latest firmware updates; a temporary workaround is available for unpatched systems.
Read at The Register