CVE-2025-14733

CRITICAL KEV

WatchGuard Fireware <=12.11.5/2025.1.3 - Unauthenticated RCE via IKEv2 VPN

Title source: llm

Exploitation Summary

CVE-2025-14733 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 19, 2025. EIP tracks 2 public exploits from researchers including kooyaniks, machevalia.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-14733, an out-of-bounds write vulnerability in WatchGuard Firebox's iked process. It includes binary analysis, function identification, and attack surface details but does not contain exploit code.

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.

Exploits (2)

nomisec WRITEUP

by kooyaniks · poc

https://github.com/kooyaniks/CVE-2025-14733-analysis

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-14733, an out-of-bounds write vulnerability in WatchGuard Firebox's iked process. It includes binary analysis, function identification, and attack surface details but does not contain exploit code.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: WatchGuard Fireware OS 11.10.2 through 12.11.5, 2025.1 through 2025.1.3

No auth needed

Prerequisites: IKEv2 VPN configured with dynamic gateway peer

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec SCANNER

by machevalia · poc

https://github.com/machevalia/CVE-2025-14733

View Code ZIP pw:eip

This repository contains a Python-based scanner for detecting WatchGuard IKEv2 services potentially vulnerable to CVE-2025-14733. It sends crafted IKE_SA_INIT packets and parses responses to identify WatchGuard devices and their versions.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: WatchGuard Fireware IKEv2 service

No auth needed

Prerequisites: Network access to target IKEv2 service (UDP/500)

MITRE ATT&CK

T1595 - Active Scanning

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14733

Scores

CVSS v3 9.8

EPSS 0.2776

EPSS Percentile 96.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2025-12-19

VulnCheck KEV 2025-12-19

ENISA EUVD EUVD-2025-204437

CWE

CWE-787

Status published

Products (1)

watchguard/fireware 11.10.2 - 12.5.15

Published Dec 19, 2025

KEV Added Dec 19, 2025

Tracked Since Feb 18, 2026