
"WatchGuard acknowledged that it has observed threat actors actively attempting to exploit this vulnerability in the wild, with the attacks originating from the following IP addresses - Interestingly, the IP address "199.247.7[.]82" was also flagged by Arctic Wolf earlier this week as linked to the exploitation of two recently disclosed security vulnerabilities in Fortinet FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8)."
"The vulnerability impacts the following versions of Fireware OS -
    2025.1 - Fixed in 2025.1.4
    12.x - Fixed in 12.11.6
    12.5.x (T15 & T35 models) - Fixed in 12.5.15
    12.3.1 (FIPS-certified release) - Fixed in 12.3.1_Update4 (B728352)
    11.x (11.10.2 up to and including 11.12.4_Update1) - End-of-Life"
An out-of-bounds write vulnerability in the iked process of Fireware OS (CVE-2025-14733, CVSS 9.3) can allow remote unauthenticated attackers to execute arbitrary code. The flaw affects mobile user VPN with IKEv2 and branch office VPN using IKEv2 when configured with a dynamic gateway peer. Devices previously configured with those VPNs may remain vulnerable if a branch office VPN to a static gateway peer is still configured. Fixed releases include 2025.1.4, 12.11.6, 12.5.15, and 12.3.1_Update4; affected 11.x releases are end-of-life. WatchGuard observed active exploitation attempts and published IoCs and a sample log message for detection.
Read at The Hacker News