125,000 IPs WatchGuard Firebox Devices Exposed to Internet Vulnerable to 0-day RCE Attacks

A critical unauthenticated RCE zero-day (CVE-2025-14733, CVSS 9.8) in WatchGuard Fireware OS's iked IKEv2 implementation is being actively exploited in the wild, exposing roughly 125,000 Firebox devices; Shadowserver and WatchGuard published affected versions, mitigation updates, and IOCs—organizations are urged to patch immediately, monitor VPN/IKE logs for anomalous IKE_AUTH payloads, and rotate credentials.