A Vulnerability in WatchGuard Fireware OS Could Allow for Arbitrary Code Execution.

A critical out-of-bounds write vulnerability (CVE-2025-14733) was identified in the WatchGuard Fireware OS iked process that can allow a remote unauthenticated attacker to execute arbitrary code. The flaw affects mobile user VPN and branch office VPN configurations using IKEv2 with dynamic gateway peers, and devices may remain vulnerable even after deleting those configurations if a static gateway peer is still configured.