Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices
ID: a53c534a-9dc4-5b06-9438-7de0d1b71804
STIX ID: report--a53c534a-9dc4-5b06-9438-7de0d1b71804
Feed Name: Dark Reading
WatchGuard disclosed a critical zero-day (CVE-2025-14733) in Fireware OS affecting Firebox appliances that allows remote code execution via an out-of-bounds write in the IKED process; the vendor reports active exploitation, published an advisory with IoCs and mitigations, and urged immediate patching. CISA added the flaw to its KEV catalog, WatchGuard released a patch on 18 December, and Shadowserver scans found roughly 125,000 potentially vulnerable Firebox IPs worldwide, indicating broad exposure of edge devices.
