TCP always works in two directions. In UDP there is no "send and forget". The first program will have to open the server socket. This means that it is listening on port 25 for TCP SYN (flag A, which signals that the connection is opening). If your second program connects to port 25 (from port 45000), this connection is identified by 4 values: the IP of your host, the port of your host, the IP of the remote host, and the port of the remote host. At this point, when the three-way handshake is performed (SYN, SYN-ACK, ACK), the first program receives the client socket from the returned server socket, which is connected to your second program. So yes, as soon as the connection is established, it is a two-way communication, and you are vulnerable.
Firewalls basically block incoming traffic. If your first program was behind the firewall and did not configure the firewall correctly, the firewall will clear the SYN packets from the second program. There will be no connection. The firewall can also check outgoing connections if they are configured correctly.
As I already said, as soon as you connect to the remote program, the remote program will receive a client socket, just like your local program, through which all communication takes place.
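The behaviour described in the answer above, as an added example that is not part of the original post: a listening socket hands out a separate per-connection socket from `accept()`, both ends see the same four values mirrored, and either end can write to the other. It assumes loopback and an OS-chosen port instead of the answer's ports 25 and 45000; the function name `demo_connection` is made up for this illustration.

```python
import socket
import threading

def demo_connection():
    """Open one loopback TCP connection and return what each side observed."""
    # Listening socket: it only waits for incoming SYNs and never carries data.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # assumption: port 0 lets the OS pick a free port
    server.listen(1)
    server.settimeout(5)
    result = {"listen_addr": server.getsockname()}

    def serve():
        # accept() returns a NEW socket tied to this one connection.
        conn, _peer = server.accept()
        with conn:
            # (local ip, local port), (remote ip, remote port) as the server sees them
            result["server_view"] = (conn.getsockname(), conn.getpeername())
            result["server_got"] = conn.recv(1024)
            # The accepting side can write back on the same connection.
            conn.sendall(b"reply from server")

    worker = threading.Thread(target=serve)
    worker.start()

    # The connecting side: the OS assigns an ephemeral source port.
    client = socket.create_connection(result["listen_addr"], timeout=5)
    with client:
        result["client_view"] = (client.getsockname(), client.getpeername())
        client.sendall(b"hello from client")
        # Data arrives on the socket that initiated the connection.
        result["client_got"] = client.recv(1024)

    worker.join(timeout=5)
    server.close()
    return result

if __name__ == "__main__":
    for key, value in demo_connection().items():
        print(f"{key}: {value}")
```

The practical consequence for a defender is that filtering only inbound SYNs does not limit what a remote peer can send back over a connection the local host initiated.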