CVE-2025-14733

CRITICAL KEV

Watchguard Fireware < 12.5.15 - Out-of-Bounds Write

Title source: rule

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.

Exploits (2)

nomisec WRITEUP

by kooyaniks · poc

https://github.com/kooyaniks/CVE-2025-14733-analysis

View Code ZIP pw:eip

nomisec SCANNER

by machevalia · poc

https://github.com/machevalia/CVE-2025-14733

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14733

Scores

CVSS v3 9.8

EPSS 0.2868

EPSS Percentile 96.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-12-19

VulnCheck KEV 2025-12-19

ENISA EUVD EUVD-2025-204437

CWE

CWE-787

Status published

Products (1)

watchguard/fireware 11.10.2 - 12.5.15

Published Dec 19, 2025

KEV Added Dec 19, 2025

Tracked Since Feb 18, 2026