Print - 【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in WatchGuard Firebox (CVE-2025-14733)

【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in WatchGuard Firebox (CVE-2025-14733)

publish date : 2025-12-29 update date : 2025-12-29

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025122204124545	Publication Time	2025/12/22 16:44
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/12/22 16:44
Impact Level	Low
[Subject] 【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in WatchGuard Firebox (CVE-2025-14733)
[Content] Forwarded from TWCERTCC-200-202512-00000010 WatchGuard Firebox is a next-generation firewall product that provides multi-layered protection, including antivirus, IPS, APT blocking, and spam filtering. WatchGuard has released a critical security advisory (CVE-2025-14733, CVSS 4.x: 9.3). This vulnerability is an out-of-bounds write vulnerability that may allow remote unauthenticated attackers to execute arbitrary code. WatchGuard has currently observed attackers actively attempting to exploit this vulnerability. For detailed information, please refer to the WatchGuard official website. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] WatchGuard Fireware OS versions 2025.1 through 2025.1.3 WatchGuard Fireware OS versions 12.5 through 12.5.14 WatchGuard Fireware OS versions 12.0 through 12.11.5 WatchGuard Fireware OS versions 11.10.2 through 11.12.4+541730
[Recommended Actions] WatchGuard Fireware OS version 2025.1.4 WatchGuard Fireware OS version 12.5.15 WatchGuard Fireware OS version 12.11.6 WatchGuard Fireware OS version 12.3.1_Update4 (B728352) Note: WatchGuard Fireware OS 11.x has reached End of Life (EoL). It is recommended to upgrade to a supported version.
[Reference] https://www.twcert.org.tw/tw/cp-169-10589-329d6-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center