CVE-2025-23006 is a critical vulnerability found in SonicWall 1000-series SMA VPNs that allows unauthenticated remote code execution. SonicWall has confirmed active exploitation of this flaw and has urged users to upgrade to the patched version to secure their systems.
Affected: SonicWall 1000-series Secure Mobile Access VPNs
Key points:
- Vulnerability CVE-2025-23006 has a CVSS score of 9.8, indicating its critical nature.
- Affects SonicWall 1000-series Secure Mobile Access (SMA) VPNs.
- Vulnerability exists in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) in versions 12.4.3-02804 and earlier.
- Allows unauthenticated attackers to execute arbitrary OS commands if successfully exploited.
- Added to CISA’s list of Known Exploited Vulnerabilities on January 24, 2025.
- SonicWall has a history of being targeted by cybercriminal groups like UNC2447, HelloKitty, and FiveHands.
- Users are urged to patch by upgrading to version 12.4.3-02854 or higher.
- Access to the Appliance and Central Management Consoles should be restricted to trusted sources.
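The version boundaries in the key points can be turned into an inventory check. The following is an added example, not code from SonicWall or Censys. It assumes firmware versions are reported as major.minor.patch-build, as written above; the hostnames and inventory are constructed. Builds that fall between the two documented versions, or that do not parse, are reported as unknown rather than assumed patched.

```python
import re

# Version boundaries taken from the key points above.
LAST_KNOWN_VULNERABLE = (12, 4, 3, 2804)  # 12.4.3-02804 and earlier are affected
FIRST_FIXED = (12, 4, 3, 2854)            # 12.4.3-02854 or higher is patched

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")

def parse_version(text):
    """Parse 'major.minor.patch-build' into a comparable tuple, or None if malformed."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one firmware version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"      # unparseable: needs a manual look, never assume patched
    if v <= LAST_KNOWN_VULNERABLE:
        return "vulnerable"
    if v >= FIRST_FIXED:
        return "patched"
    return "unknown"          # build between the two documented versions

def triage(inventory):
    """Group appliance names by status, given {name: version_string}."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for name, version in sorted(inventory.items()):
        result[classify(version)].append(name)
    return result

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "sma-edge-01": "12.4.3-02804",
    "sma-edge-02": "12.4.3-02854",
    "sma-lab-01": "12.4.2-05123",
    "sma-lab-02": "12.4.3-02830",
    "sma-dr-01": "12.4.3",
    "sma-dr-02": "12.5.0-00100",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```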
MITRE Techniques:
- Remote Code Execution (T1203) – Exploitation of the vulnerability allows for arbitrary OS command execution via unauthenticated access.
- Exploitation for Client Execution (T1203.001) – Attackers can exploit pre-authentication deserialization vulnerabilities in the management consoles.
Indicator of Compromise:
- [Vulnerable Software Version] SonicWall 12.4.1 – 12.4.3
- Use “Censys Search Query”
Full Story: https://censys.com/cve-2025-23006/