A critical security flaw in WatchGuard Firebox devices has been exploited by malicious actors, and the threat is ongoing! This vulnerability, known as CVE-2025-9242, has been flagged by the Cybersecurity and Infrastructure Security Agency (CISA) and added to their Known Exploited Vulnerabilities catalog. But here's the catch: this bug allows attackers to potentially execute arbitrary code on over 54,300 Firebox appliances, primarily in the U.S., Italy, the UK, Germany, and Canada.
The issue stems from an out-of-bounds write flaw in the Fireware OS, where an inadequate buffer length check during the IKE handshake process opens the door for potential disaster. And this is where it gets controversial—while federal agencies have been given a deadline of Dec. 3 to address the issue, the damage may already be done.
The CISA's KEV list also includes other critical vulnerabilities like the Windows kernel defect (CVE-2025-62215) and the Gladinet Triofox access control issue (CVE-2025-12480), the latter of which has been linked to UNC6485 attacks. These findings highlight the constant battle against cyber threats and the importance of prompt security updates.
In related news, zero-day attacks targeting Cisco ISE and Citrix NetScaler have been observed, exploiting critical flaws for custom malware distribution. This raises the question: are we doing enough to stay ahead of these cybercriminals? Share your thoughts in the comments below!
