1. Home
  2. CVE Database
  3. CVE-2025-14733
CRITICAL · 9.8

CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and...

Vulnerability Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
WatchguardFireware>= 11.10.2, < 12.5.15
WatchguardFirebox T15All versions
WatchguardFirebox T35All versions
WatchguardFirebox M270All versions
WatchguardFirebox M290All versions
WatchguardFirebox M370All versions
WatchguardFirebox M390All versions
WatchguardFirebox M440All versions
WatchguardFirebox M4600All versions
WatchguardFirebox M470All versions
WatchguardFirebox M4800All versions
WatchguardFirebox M5600All versions
WatchguardFirebox M570All versions
WatchguardFirebox M5800All versions
WatchguardFirebox M590All versions
WatchguardFirebox M670All versions
WatchguardFirebox M690All versions
WatchguardFirebox Nv5All versions
WatchguardFirebox T20All versions
WatchguardFirebox T25All versions

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2025-14733?

CVE-2025-14733 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and...

How severe is CVE-2025-14733?

CVE-2025-14733 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-14733?

Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Fireware, Watchguard Firebox T15, Watchguard Firebox T35, Watchguard Firebox M270, Watchguard Firebox M290.