A Vulnerability in WatchGuard Fireware OS Could Allow for Arbitrary Code Execution

A remote unauthenticated out‑of‑bounds write vulnerability (CVE-2025-9242) in the WatchGuard Fireware OS iked process can allow arbitrary code execution against devices configured with IKEv2 mobile user or branch office VPNs, including cases where deleted VPN configurations persist; successful exploitation could enable full system compromise depending on user privileges. The advisory describes affected configurations and potential impacts but does not report active exploitation.