Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202512-00000010

[Content Description]
WatchGuard Firebox is a next-generation firewall product offering multi-layered protection, including antivirus, IPS, APT blocking, and spam filtering.

WatchGuard has released a critical cybersecurity vulnerability announcement (CVE-2025-14733, CVSS 4.x: 9.3). This vulnerability is an out-of-bounds write vulnerability that could allow an unauthenticated attacker to execute arbitrary code remotely. WatchGuard has observed attackers actively attempting to exploit this vulnerability. For detailed information, please visit the WatchGuard website.

[Affected Platforms]
WatchGuard Fireware OS versions 2025.1 to 2025.1.3
WatchGuard Fireware OS versions 12.5 to 12.5.14
WatchGuard Fireware OS versions 12.0 to 12.11.5
WatchGuard Fireware OS versions 11.10.2 to 11.12.4+541730

[Recommended Actions]
Please update to the following versions:
WatchGuard Fireware OS version 2025.1.4
WatchGuard Fireware OS version 12.5.15
WatchGuard Fireware OS version 12.11.6
WatchGuard Fireware OS version 12.3.1_Update4 (B728352)
Note: WatchGuard Fireware OS versions 11.x are already EoL (End of Life) versions. For Life products, it is recommended to upgrade to the supported version.

[Reference]
1. https://www.twcert.org.tw/tw/cp-169-10589-329d6-1.html