The Shadowserver Foundation

Attention! We are scanning & reporting WatchGuard Firebox devices unpatched to CVE-2025-14733 (Out of Bounds Write Vulnerability, unauthenticated RCE, CVSS 9.8). Nearly 125 000 IPs found (2025-12-20): https://dashboard.shadowserver.org/statistics/combined/tree/?date_range=1&source=isakmp_vulnerable&source=isakmp_vulnerable6&tag=cve-2025-14733%2B&data_set=count&scale=log&auto_update=on

WatchGuard Advisory: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027

We share daily IP data in our Vulnerable ISAKMP Report, tagged 'cve-2025-14733': https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-isakmp-report/

CVE-2025-14733 is reported exploited in the wild & on @cisacyber KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14733

If you receive a report from us, check for signs of compromise as well.

Most affected (most unpatched IPs): US (38.3K), Germany (14K), Italy (12.3K)

CVE-2025-14733 World Map view: https://dashboard.shadowserver.org/statistics/combined/map/?date_range=other_value&day=2025-12-20&map_type=std&source=isakmp_vulnerable&source=isakmp_vulnerable6&tag=cve-2025-14733%2B&data_set=count&scale=log&auto_update=on

CVE-2025-14733 Tracker: https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=isakmp_vulnerable&source=isakmp_vulnerable6&tag=cve-2025-14733%2B&dataset=unique_ips&limit=100&group_by=geo&stacking=stacked&auto_update=on

#CyberCivilDefense #CyberSecurity

Dec 21 at 6:42pm