REDLEGG BLOG

Emergency Security Bulletin: SonicWall SMA1000 Appliances

1/23/25 1:03 PM  |  by RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

Pre-Authentication Deserialization Vulnerability in SonicWall SMA1000 Appliances

CVSS Score: 9.8 (Critical)
Identifier: CVE-2025-23006
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-23006 – SonicWall Security Advisory

Description: CVE-2025-23006 is a critical pre-authentication deserialization vulnerability identified in SonicWall's Secure Mobile Access (SMA) 1000 series appliances, specifically affecting the Appliance Management Console (AMC) and Central Management Console (CMC). This flaw allows a remote, unauthenticated attacker to execute arbitrary operating system commands under certain conditions, potentially leading to full system compromise. SonicWall has received reports of active exploitation of this vulnerability in the wild.

Mitigation Recommendation: Patching is currently the only method of mitigation. SonicWall has released a hotfix to address this vulnerability. Users are strongly advised to upgrade to version 12.4.3-02854 (platform-hotfix) or later to mitigate the risk. Immediate patching is recommended to prevent potential exploitation. Additionally, it is advisable to restrict access to the AMC and CMC interfaces to trusted sources only.
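The bulletin's "12.4.3-02854 or later" guidance is easy to misread when triaging an inventory by hand, because the build number after the hyphen carries the hotfix. The following is an added example (not SonicWall's or RedLegg's code) that parses version strings in the major.minor.patch-build form the advisory uses and labels each appliance as patched, vulnerable, or unknown. The host names, the inventory, and the assumption that every SMA1000 version string follows that form are constructed for illustration.

```python
"""Triage an SMA1000 inventory against the fixed version named in the bulletin.

Added example, not vendor code. Assumes version strings follow the
major.minor.patch-build form the advisory uses (e.g. "12.4.3-02854");
the hosts and versions in SAMPLE_INVENTORY are constructed.
"""
import re
from typing import List, NamedTuple, Tuple

FIXED_VERSION = "12.4.3-02854"  # hotfix version stated in the bulletin

# Accepts "12.4.3-02854" and "12.4.3-02854 (platform-hotfix)"; the build
# number is optional so a bare "12.4.3" still parses.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


class SmaVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int


def parse_version(text: str) -> SmaVersion:
    """Parse a version string into a tuple that compares numerically.

    A missing build number is treated as build 0, so a bare "12.4.3"
    sorts below the fixed hotfix build and is flagged as vulnerable.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised SMA1000 version string: {text!r}")
    major, minor, patch, build = m.groups()
    return SmaVersion(int(major), int(minor), int(patch), int(build or 0))


def is_patched(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is at or above the fixed version ("or later")."""
    return parse_version(version) >= parse_version(fixed)


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Label each (host, version) pair as PATCHED, VULNERABLE or UNKNOWN.

    Unparsable strings are reported as UNKNOWN rather than dropped, so
    an appliance with a missing or odd version still gets a manual check.
    """
    results = []
    for host, version in inventory:
        try:
            status = "PATCHED" if is_patched(version) else "VULNERABLE"
        except ValueError:
            status = "UNKNOWN"
        results.append((host, version, status))
    return results


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = [
    ("sma-hq-01", "12.4.3-02854 (platform-hotfix)"),  # exactly the fixed build
    ("sma-hq-02", "12.4.3-02804"),                    # same release, older build
    ("sma-dr-01", "12.4.2-03001"),                    # higher build, older release
    ("sma-lab-01", "12.5.0-00012"),                   # newer release
    ("sma-old-01", "n/a"),                            # version not recorded
]

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {version:32} {status}")
```

The comparison is tuple-wise, so a higher build number on an older release (12.4.2-03001) is still reported as vulnerable; only the full major.minor.patch-build ordering decides.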
