WatchGuard VPN Vulnerability Let Remote Attacker Execute Arbitrary Code

WatchGuard disclosed a critical IKEv2 stack-based buffer overflow (CVE-2025-9242, CVSS 9.3) in Fireware OS that allows unauthenticated remote code execution against many Firebox appliances (multiple 11.x/12.x/2025.1 versions). Researchers reverse-engineered the fix and demonstrated an ROP-based remote shell; WatchGuard published patches and mitigation guidance and urged immediate patching to protect Internet-facing VPN concentrators used by thousands of organizations.