CVE-2025-14733 WatchGuard iked RCE

Out-of-bounds write vulnerability in Fireware OS IKE daemon enabling unauthenticated remote code execution via malicious IKEv2 certificates affecting 117,490+ internet-exposed instances.

1 intelligence brief← Intelligence Hub

WatchGuard Fireware CVE-2025-14733: Out-of-Bounds Write in iked Enables Unauthenticated RCE on 117,490+ Exposed Firewalls

A critical out-of-bounds write vulnerability in WatchGuard Fireware OS allows unauthenticated remote attackers to execute arbitrary code on perimeter devices via malicious IKEv2 packets. 117,490 exposed instances globally, 35,600+ in the U.S., with active exploitation confirmed since December 2025.

Peter Chofield

Jan 4, 2026

11–16 minutes

CVE-2025-14733 WatchGuard iked RCE

WatchGuard Fireware CVE-2025-14733: Out-of-Bounds Write in iked Enables Unauthenticated RCE on 117,490+ Exposed Firewalls