Who is affected?
A list of the nearly three dozen firewall models affected by CVE-2025-9242 is available from WatchGuard’s website. The vulnerable versions of Fireware OS are 2025.1, 12.x, 12.5.x (T15 & T35 models), 12.3.1 (FIPS-certified release), and 11.x (end of life). The first four are addressed (in the same order) by updating to versions 2025.1.1, 12.11.4, 12.5.13, and 12.3.1_Update3 (B722811).
Although all customers should update, the advisory spells out which configurations are specifically affected: “This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer.”
However, the company warned that customers who had used their firewall VPNs in this way in the past, but no longer do so, could also be affected: