About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify as the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Pre-Authentication Deserialization Vulnerability in SonicWall SMA1000 Appliances
CVSS Score: 9.8 (Critical)
Identifier: CVE-2025-23006
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-23006 – SonicWall Security Advisory
Description: CVE-2025-23006 is a critical pre-authentication deserialization vulnerability identified in SonicWall's Secure Mobile Access (SMA) 1000 series appliances, specifically affecting the Appliance Management Console (AMC) and Central Management Console (CMC). This flaw allows a remote, unauthenticated attacker to execute arbitrary operating system commands under certain conditions, potentially leading to full system compromise. SonicWall has received reports of active exploitation of this vulnerability in the wild.
Mitigation Recommendation: Patching is currently the only method of mitigation. SonicWall has released a hotfix to address this vulnerability. Users are strongly advised to upgrade to version 12.4.3-02854 (platform-hotfix) or later to mitigate the risk. Immediate patching is recommended to prevent potential exploitation. Additionally, it is advisable to restrict access to the AMC and CMC interfaces to trusted sources only.