This alert is relevant to all Australian businesses and organisations.
This alert contains a combination of simple and moderately complex technical advice, intended for business owners and technical IT support services.
Background
ASD’s ACSC is aware of active exploitation of a critical vulnerability in WatchGuard Firebox devices.
An Out-of-Bounds Write vulnerability (CVE-2025-14733) enables an attacker to achieve unauthenticated Remote Code Execution (RCE) in the following vulnerable versions of the Fireware OS:
- 11.10.2 – 11.12.4_Update1
- 12.0 – 12.11.5
- 2025.1 – 2025.1.3
Mitigation advice
Australian organisations should review their networks for vulnerable instances of these devices and upgrade to resolved versions. The WatchGuard Security Advisory includes information about patches and indicators for investigations into suspicious activity.
Where to get help
Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).