The vulnerability targets internet-exposed services, needs zero credentials, and lets attackers run arbitrary code on the very devices meant to guard your perimeter.
Cybersecurity researchers just blew the whistle on WatchGuard’s firewall systems, and it is the kind of flaw that makes ransomware gangs salivate.
A devastating security bug could hand attackers complete control of entire networks without any authentication at all.
The vulnerability, designated CVE-2025-9242, is a perfect storm. It targets internet-exposed services, needs zero credentials, and lets attackers run arbitrary code on the very devices meant to guard your perimeter. This is not a patch you push to next quarter.
Time is critical. WatchGuard has released emergency patches that need to be deployed without delay. The company fixed the bug in versions 2025.1.1, 12.11.4, 12.5.13 (for T15 and T35 models), and 12.3.1_Update3 (for FIPS-certified releases). The updates became available today.
If you cannot patch immediately, there is a temporary lifeline. WatchGuard provides a workaround that disables dynamic peer VPNs, uses firewall aliases for trusted IPs, and applies specific firewall policies; its published mitigation guidance offers step-by-step instructions.
There is currently no evidence of active exploitation in the wild, but experts expect attackers to move fast given the severity.