CISA Adds WatchGuard Vulnerability to KEV Catalog – 11-12-25

Yesterday CISA announced that it had added an out-of-bounds write vulnerability in the WatchGuard Fireware OS to their Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was previously disclosed by WatchGuard on September 17^th, 2025. That advisory was updated on November 7^th, 2025 to include indicators of compromise. On November 8^th, 2025 watchTower Labs published a report on the vulnerability that included proof-of-concept code, after having previously published a ‘Detection Artifact Generator for WatchGuard CVE-2025-9242’.

NOTE: This is not related to the WatchGuard exploit notice that I briefly discussed on Sunday.

CISA has directed federal agencies utilizing the affected WatchGuard products to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” Agencies have been given a deadline of December 3^rd, 2025 to complete these actions.