
Exploitation of Critical Vulnerability CVE-2025-23006 in SonicWall SMA1000 Series Appliances

Exploitation could lead to execution of arbitrary OS commands in SonicWall SMA1000 Series Appliances 

Summary

Exploitation could lead to execution of arbitrary OS commands in SonicWall SMA1000 Series Appliances 


Affected platforms

The following platforms are known to be affected:

Threat details

Exploitation of CVE-2025-23006

The SonicWall Product Security Incident Response Team (PSIRT) has been notified of possible active exploitation of CVE-2025-23006.

SSL VPN appliances are internet-facing by design and are frequently targeted by attackers. Vulnerabilities in SSL VPN and firewall appliances are often exploited soon after official disclosure. 


Introduction

SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC).

SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device authorisation, application level VPN, and advanced authentication with federated single sign-on (SSO) for cloud and on-premises resources.

CVE-2025-23006 is a 'pre-authentication deserialisation of untrusted data' vulnerability with a CVSSv3 score of 9.8. If exploited, it could allow a remote, unauthenticated attacker to execute arbitrary OS commands.

SMA 100 series products are not affected

SonicWall Firewall and SMA 100 series products are not affected by this vulnerability.


Remediation advice

Affected organisations must review SonicWall security advisory SNWLID-2025-0002 and apply the security update, bringing devices to version 12.4.3-02854 (platform-hotfix) or higher.


Remediation steps

Type: Patch
Step: Apply Security Update

Organisations must upgrade affected SMA1000 devices to Version 12.4.3-02854 (platform-hotfix) or higher as soon as possible.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002

Type: Guidance
Step: Temporary workaround until remediation can be applied.

To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC). Refer to the 'Best Practices for Securing the Appliance' section of the SMA1000 Administration Guide.

Even after the relevant security updates have been applied, organisations are strongly advised to follow the SonicWall guidance on securing the management consoles of SMA1000 devices.

https://www.sonicwall.com/techdocs/pdf/sma_1000-12-4-admin_guide.pdf#page=653
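
To check an appliance inventory against the fixed release named in the Patch step, the following is an added example and is not part of the original advisory or SonicWall's tooling. It assumes version strings follow the "major.minor.patch-build" pattern seen in this advisory and that releases order numerically field by field; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed release named in this advisory.
FIXED = "12.4.3-02854"

# Assumption: versions look like "<major>.<minor>.<patch>-<build>",
# optionally followed by a label such as "(platform-hotfix)".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)(?:\s*\(.*\))?\s*$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if unparseable."""
    m = _VERSION_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None


def needs_update(version, fixed=FIXED):
    """True if version is below the fixed release; None if it cannot be parsed."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    # Tuple comparison orders by major, minor, patch, then build, so an older
    # branch with a larger build number is still reported as below the fix.
    return parsed < parse_version(fixed)


def audit(inventory):
    """Sort a {hostname: version} mapping into three review buckets."""
    report = {"at_or_above_fix": [], "below_fix": [], "unparseable": []}
    for host, version in sorted(inventory.items()):
        status = needs_update(version)
        key = "unparseable" if status is None else (
            "below_fix" if status else "at_or_above_fix")
        report[key].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "sma-edge-01": "12.4.3-02854 (platform-hotfix)",
    "sma-edge-02": "12.4.3-02700",
    "sma-dr-01": "12.4.2-05000",
    "sma-lab-01": "12.5.0-00100",
    "sma-old-01": "unknown",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unparseable" bucket should be checked by hand rather than assumed patched.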


Last edited: 23 January 2025 2:27 pm