Jan 23, 2025 | Ravie Lakshmanan | Vulnerability / Network Security
SonicWall is alerting customers to a critical security vulnerability affecting its Secure Mobile Access (SMA) 1000 Series appliances, which the company says has likely been exploited as a zero-day.
The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.
"Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC)," the company said in an advisory, noting that the flaw applies in particular circumstances.
It's worth noting that CVE-2025-23006 does not affect its Firewall and SMA 100 series products. The flaw has been addressed in version 12.4.3-02854 (platform-hotfix).
Additionally, SonicWall said it has been notified of "possible effective abuse" by unnamed threat actors, making it necessary for customers to apply the fixes as soon as possible to prevent potential exploitation attempts.
The company credited the Microsoft Threat Intelligence Center (MSTIC) with discovering and reporting the security flaw. When reached for comment, Microsoft told The Hacker News that it had no information at this time.
The company advised: "please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC) to reduce the potential impact of the vulnerability."
Update
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added CVE-2025-23006 to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies until February 14, 2025, to apply the fix.
In a separate notice, SonicWall urged customers to act immediately, stating that the "vulnerability has been confirmed as being constantly exploited in the wild." It also said it is in the process of developing information that can be used to check the integrity of appliances.
The vulnerability has been found to affect the following models: SMA6200, SMA6210, SMA7200, SMA7210, SMA8200v (ESX, KVM, Hyper-V, AWS, Azure), EX6000, EX7000, and EX9000. In addition to applying the patch, users are advised to use a router to restrict access to the management consoles and to limit access to trusted internal networks.