SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Probable Exploitation

Jan 23, 2025Ravie LakshmananVulnerability / Network Security

SonicWall is informing customers of a serious security vulnerability affecting its Secure Mobile Access (SMA) 1000 Series appliances that it says has allegedly been exploited in the wild as a zero-day.

The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.

The company said in an advisory that, in particular circumstances, “Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC).”

It’s worth noting that CVE-2025-23006 does not affect its Firewall and SMA 100 series products. The flaw has been addressed in version 12.4.3-02854 (platform-hotfix).

SonicWall added that customers should apply the fixes immediately to prevent possible attack attempts, because it has been informed of “possible effective exploitation” by unnamed threat actors.

The company credited the Microsoft Threat Intelligence Center (MSTIC) with discovering and reporting the security flaw. When reached for comment, Microsoft told The Hacker News that it had no information at this time.

“To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC),” the company advised.

Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added CVE-2025-23006 to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies until February 14, 2025, to apply the update.

In a separate security notice, SonicWall stated that the “vulnerability has been confirmed as being constantly exploited in the wild,” urging users to act right away. It also stated that it is in the process of creating information that can be used to evaluate the appliance’s reliability.

The vulnerability has been found to impact the following models: SMA6200, SMA6210, SMA7200, SMA7210, SMA8200v (ESX, KVM, Hyper-V, AWS, Azure), EX6000, EX7000, and EX9000. In addition to applying the patch, users are advised to use a router to restrict access to operational consoles and to limit exposure to trusted internal networks.