Summary: SonicWall has issued a warning regarding a critical zero-day vulnerability (CVE-2025-23006) affecting its Secure Mobile Access (SMA) 1000 Series appliances, which could allow remote unauthenticated attackers to execute arbitrary OS commands. The vulnerability has a high CVSS score of 9.8 and has reportedly been exploited in the wild. Customers are urged to update to the latest version to mitigate risks associated with this flaw.
Threat Actor: Unspecified | Unspecified
Victim: SonicWall Customers | SonicWall Customers
Keypoints :
- Vulnerability CVE-2025-23006 allows remote execution of OS commands.
- Rated 9.8 on the CVSS scoring system, indicating critical severity.
- Customers are advised to restrict access and apply the latest hotfix (12.4.3-02854) immediately.
Source: https://thehackernews.com/2025/01/sonicwall-urges-immediate-patch-for.html