Friday, April 4, 2025
HomeCVE/vulnerabilitySonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks

SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks

Published on

SIEM as a Service

Follow Us on Google News

 A critical vulnerability in SonicWall’s SMA1000 series tracked as CVE-2025-23006, has come under active exploitation by threat actors.

SonicWall’s PSIRT (Product Security Incident Response Team) has issued an urgent advisory urging users to update their systems immediately to mitigate risks.

Details of CVE-2025-23006

The vulnerability, which scores an alarming 9.8/10 on the CVSS v3 severity scale, stems from pre-authentication deserialization of untrusted data flaws.

This flaw resides in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC).

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

In specific conditions, it can allow remote, unauthenticated attackers to execute arbitrary operating system commands.

Attackers exploiting this vulnerability could gain complete control over affected systems, leading to a potentially catastrophic compromise of confidentiality, integrity, and availability.

Affected Products

The vulnerability impacts SMA1000 series appliances running version 12.4.3-02804 or earlier. Notably, the SonicWall Firewall and the SMA 100 series are not affected by this issue.

The vulnerability has attracted attention due to its active exploitation by malicious actors in the wild. Microsoft Threat Intelligence Center (MSTIC) is credited for identifying this exploitation activity.

SonicWall strongly recommends that users upgrade to the fixed version of the SMA1000 platform, 12.4.3-02854 or higher, to eliminate the risk.

While patching remains the recommended mitigation, SonicWall has advised the following workarounds to minimize exposure:

  1. Restrict access to the Appliance Management Console (AMC) and Central Management Console (CMC) to only trusted sources.
  2. Follow best practices for securing the SMA1000 appliance as outlined in the SMA1000 Administration Guide.

Users are urged to download and apply the relevant hotfix as soon as possible. The fixed software version is available from SonicWall’s official support page.

Additionally, organizations should monitor for unusual activity on their networks, as the vulnerability has been actively exploited.

SonicWall’s complete advisory on this issue, including detailed mitigation steps, can be found on their website under the advisory ID SNWLID-2025-0002.

As cyberattacks exploiting this type of vulnerability can escalate quickly, immediate action is critical to safeguarding systems and sensitive data.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Exploit Fast Flux to Evade Detection and Obscure Malicious Servers

Cybersecurity agencies worldwide have issued a joint advisory warning against the growing threat posed...

Oracle Confirms The Data Breach- Starts Initiating Client Notifications

Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking...

Vite Development Server Flaw Allows Attackers Bypass Path Restrictions

A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server.Due to improper...

New Android Spyware Tricks Users by Demanding Passwords for Uninstallation

A newly identified Android spyware app is elevating its tactics to remain hidden and...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Hackers Exploit Fast Flux to Evade Detection and Obscure Malicious Servers

Cybersecurity agencies worldwide have issued a joint advisory warning against the growing threat posed...

Oracle Confirms The Data Breach- Starts Initiating Client Notifications

Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking...

Vite Development Server Flaw Allows Attackers Bypass Path Restrictions

A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server.Due to improper...