
"The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1. "An out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code," WatchGuard said in an advisory released last month. "This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer.""
"A new analysis from watchTowr Labs has described CVE-2025-9242 as "all the characteristics your friendly neighbourhood ransomware gangs love to see," including the fact that it affects an internet-exposed service, is exploitable sans authentication, and can execute arbitrary code on a perimeter appliance. The vulnerability, per security researcher McCaulay Hudson, is rooted in the function "ike2_ProcessPayload_CERT" present in the file "src/ike/iked/v2/ike2_payload_cert.c" that's designed to copy a client "identification" to a local stack buffer of 520 bytes, and then validate the provided client SSL certificate."
CVE-2025-9242 is an out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process with a CVSS score of 9.3. Affected releases include Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1. The flaw permits unauthenticated remote attackers to execute arbitrary code during the IKE_SA_AUTH phase of IKEv2 VPN handshakes when configured with a dynamic gateway peer. The root cause is a missing length check in ike2_ProcessPayload_CERT that copies a client identification into a 520-byte stack buffer. Fixes are available in 2025.1.1, 12.11.4, 12.3.1_Update3, and 12.5.13; 11.x is EOL.
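The missing length check described above, as an added C illustration that is neither WatchGuard's code nor watchTowr's analysis: a hypothetical CERT-payload parser copies peer-supplied data into a 520-byte local buffer, first without the check (the bug class), then with it. The payload layout follows the RFC 7296 generic payload header; treating the certificate data as the copied "identification", the function names and the sample payload are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define IDENT_BUF 520   /* local buffer size named in the advisory */
#define CERT_HDR 5      /* RFC 7296 generic payload header (4) + cert encoding (1) */
static size_t payload_len(const uint8_t *p) { return ((size_t)p[2] << 8) | p[3]; }
/* Vulnerable pattern (hypothetical, not the vendor's code): trusts the peer-supplied
 * length. Called here only with in-range input; it exists to show the missing check. */
static int copy_ident_unchecked(const uint8_t *p, size_t n, uint8_t *out, size_t *out_len)
{
    (void)n;                                      /* received size never consulted */
    size_t ident_len = payload_len(p) - CERT_HDR; /* never compared to IDENT_BUF */
    memcpy(out, p + CERT_HDR, ident_len);         /* overflows the 520-byte buffer */
    *out_len = ident_len;
    return 0;
}
/* Hardened form: declared length must fit both the datagram and the buffer. */
static int copy_ident_checked(const uint8_t *p, size_t n, uint8_t *out, size_t *out_len)
{
    if (n < CERT_HDR) return -1;
    size_t plen = payload_len(p);
    if (plen < CERT_HDR || plen > n) return -1;   /* truncated or lying length field */
    size_t ident_len = plen - CERT_HDR;
    if (ident_len > IDENT_BUF) return -1;         /* reject instead of smashing the stack */
    memcpy(out, p + CERT_HDR, ident_len);
    *out_len = ident_len;
    return 0;
}
/* Constructed CERT payload carrying ident_len bytes of 'A' (test data, not a capture). */
static size_t build_cert_payload(uint8_t *buf, size_t cap, size_t ident_len)
{
    size_t plen = CERT_HDR + ident_len;
    if (plen > cap || plen > 0xFFFF) return 0;
    buf[0] = 0; buf[1] = 0;                       /* next payload, critical bit clear */
    buf[2] = (uint8_t)(plen >> 8); buf[3] = (uint8_t)plen;
    buf[4] = 4;                                   /* X.509 Certificate - Signature */
    memset(buf + CERT_HDR, 'A', ident_len);
    return plen;
}
/* 0 when the checked copy refuses 600 bytes and both copies accept 100; else the failing step. */
int demo(void)
{
    static uint8_t pkt[2048];
    uint8_t ident[IDENT_BUF];
    size_t got, n = build_cert_payload(pkt, sizeof pkt, 600);
    if (copy_ident_checked(pkt, n, ident, &got) != -1) return 1;
    n = build_cert_payload(pkt, sizeof pkt, 100);
    if (copy_ident_checked(pkt, n, ident, &got) != 0 || got != 100) return 2;
    if (copy_ident_unchecked(pkt, n, ident, &got) != 0 || got != 100) return 3;
    return 0;
}
```

The only behavioural difference between the two copy routines is the comparison of the derived length against the received size and the 520-byte destination, which is the check a fixed build has to make before any byte is written.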
Read at The Hacker News