Sonicwall Warns Of Sma1000 Rce Flaw Exploited In Zero-day Attacks
Thumbnail
Summary: SonicWall has issued a warning regarding a critical pre-authentication deserialization vulnerability (CVE-2025-23006) in its SMA1000 Appliance Management Console, which has reportedly been exploited as a zero-day in attacks. This flaw allows remote unauthenticated attackers to execute arbitrary OS commands, affecting all firmware versions up to 12.4.3-02804. Users are urged to upgrade to the latest hotfix to mitigate risks associated with this vulnerability.

Threat Actor: Unknown | unknown
Victim: SonicWall SMA1000 users | SonicWall SMA1000 users

Keypoints :

  • Vulnerability CVE-2025-23006 has a critical CVSS score of 9.8 and affects all firmware versions up to 12.4.3-02804.
  • SonicWall recommends upgrading to version 12.4.3-02854 or later to address the vulnerability.
  • Germany’s CERT-Bund has also urged immediate updates for system administrators to mitigate risks.

Source: https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-rce-flaw-exploited-in-zero-day-attacks/