Hit by CVE-2025-14733

offbyone · December 20

Hi.

Seems that one of our customers was hit by an attack even a few hours before we got the notification about an available update from WG.

Would a reset to factory defaults clean the box so that it can be reused safely after that or what else is recommended in this case by WG?

james.carson · December 21

Hi @offbyone

If the firewall is passing the integrity check on bootup, or when you check via WebUI, the current install on the firewall should be good.

See:
(System Integrity Checks)
https://www.watchguard.com/help/docs/help-center/en-US/content/en-us/Fireware/system_status/stats_diagnostics_integrity_checks.html

If you are concerned that the system may have been compromised, you can use recovery mode to overwrite the firmware on the firewall:

See:
(Use Recovery Mode)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/other/QSW_recovery_mode_wsm.html

Note: Recovery mode will completely erase everything on your firewall, and it will boot up as if it were powered on for the first time. Any self-signed certificates will be erased and regenerated, and any user-imported certificates will be wiped.

offbyone · December 21

Hello James.

THX for your answer which helped a lot.

Hit by CVE-2025-14733

Best Answer

Answers