CVE-2025-14733 Vulnerability: WatchGuard Addresses a Critical RCE Affecting Firebox Firewalls, Actively Exploited for Real-World Attacks

WatchGuard disclosed CVE-2025-14733, a critical (CVSS 9.3) out-of-bounds write in the iked process of Fireware OS that enables unauthenticated remote code execution against IKEv2 VPN configurations; the flaw is being actively exploited in the wild, CISA added it to the KEV catalog, Shadowserver identified ~117,490 exposed devices, and WatchGuard published fixes, IoAs (including specific IPs and oversized IKE_AUTH CERT payloads), and mitigation guidance.