Critical RCE flaw impacts over 115,000 WatchGuard firewalls

WatchGuard Firebox appliances are affected by a critical unauthenticated RCE (CVE-2025-14733) impacting Fireware OS 11.x+, 12.x+, and 2025.1–2025.1.3 when IKEv2 VPN is used; the flaw is being actively exploited, Shadowserver found over 115,000+ exposed instances, WatchGuard published IoCs and mitigations, and CISA added the flaw to its Known Exploited Vulnerabilities catalog and ordered federal patching.