IKE Protocol Authentication Bypass

Memory corruption in IKEv2 handshake processing allows unauthenticated VPN concentration device compromise and potential lateral movement into protected enterprise networks.

1 intelligence brief← Intelligence Hub

WatchGuard Fireware CVE-2025-14733: Out-of-Bounds Write in iked Enables Unauthenticated RCE on 117,490+ Exposed Firewalls

A critical out-of-bounds write vulnerability in WatchGuard Fireware OS allows unauthenticated remote attackers to execute arbitrary code on perimeter devices via malicious IKEv2 packets. 117,490 exposed instances globally, 35,600+ in the U.S., with active exploitation confirmed since December 2025.

Peter Chofield

Jan 4, 2026

11–16 minutes

IKE Protocol Authentication Bypass

WatchGuard Fireware CVE-2025-14733: Out-of-Bounds Write in iked Enables Unauthenticated RCE on 117,490+ Exposed Firewalls