Wednesday, May 14, 2025

SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks


A critical vulnerability in SonicWall’s SMA1000 series, tracked as CVE-2025-23006, has come under active exploitation by threat actors.

SonicWall’s PSIRT (Product Security Incident Response Team) has issued an urgent advisory urging users to update their systems immediately to mitigate risks.

Details of CVE-2025-23006

The vulnerability, which scores an alarming 9.8/10 on the CVSS v3 severity scale, stems from a pre-authentication deserialization of untrusted data flaw.


This flaw resides in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC).


In specific conditions, it can allow remote, unauthenticated attackers to execute arbitrary operating system commands.

Attackers exploiting this vulnerability could gain complete control over affected systems, leading to a potentially catastrophic compromise of confidentiality, integrity, and availability.

Affected Products

The vulnerability impacts SMA1000 series appliances running version 12.4.3-02804 or earlier. Notably, the SonicWall Firewall and the SMA 100 series are not affected by this issue.

The vulnerability has attracted attention due to its active exploitation by malicious actors in the wild. Microsoft Threat Intelligence Center (MSTIC) is credited with identifying this exploitation activity.

SonicWall strongly recommends that users upgrade to the fixed version of the SMA1000 platform, 12.4.3-02854 or higher, to eliminate the risk.
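The version boundaries above can be applied to an appliance inventory, as in this added example (not SonicWall's or the article's code). It assumes firmware strings follow the major.minor.patch-build form quoted here and order by those numeric fields; the hostnames and sample versions are constructed.

```python
import re

# Build boundaries quoted in the article for CVE-2025-23006.
LAST_AFFECTED = (12, 4, 3, 2804)   # "12.4.3-02804 or earlier" is affected
FIRST_FIXED = (12, 4, 3, 2854)     # "12.4.3-02854 or higher" is fixed

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Turn 'major.minor.patch-build' into a tuple of ints, or None if malformed."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """Classify one SMA1000 firmware string against the article's boundaries."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"          # unparseable: verify on the appliance by hand
    if v >= FIRST_FIXED:
        return "fixed"
    if v <= LAST_AFFECTED:
        return "affected"
    # Builds between the two boundaries are not described by the article;
    # treat them as needing the upgrade rather than assuming they are safe.
    return "unconfirmed"


def triage(inventory):
    """Map each host to its status and return hosts that still need action."""
    report = {host: classify(ver) for host, ver in inventory.items()}
    todo = sorted(h for h, s in report.items() if s != "fixed")
    return report, todo


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = {
    "sma-edge-01": "12.4.3-02804",
    "sma-edge-02": "12.4.3-02854",
    "sma-dr-01": "12.4.2-05082",
    "sma-lab-01": "12.4.3-02830",
    "sma-lab-02": "12.4.3",
}

if __name__ == "__main__":
    report, todo = triage(SAMPLE_INVENTORY)
    for host in sorted(report):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:14} {report[host]}")
    print("needs action:", ", ".join(todo))
```

Anything not classified as "fixed" lands in the action list, so a malformed or in-between version string is never silently treated as safe.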

While patching remains the recommended mitigation, SonicWall has advised the following workarounds to minimize exposure:

  1. Restrict access to the Appliance Management Console (AMC) and Central Management Console (CMC) to only trusted sources.
  2. Follow best practices for securing the SMA1000 appliance as outlined in the SMA1000 Administration Guide.

Users are urged to download and apply the relevant hotfix as soon as possible. The fixed software version is available from SonicWall’s official support page.

Additionally, organizations should monitor for unusual activity on their networks, as the vulnerability has been actively exploited.

SonicWall’s complete advisory on this issue, including detailed mitigation steps, can be found on their website under the advisory ID SNWLID-2025-0002.

As cyberattacks exploiting this type of vulnerability can escalate quickly, immediate action is critical to safeguarding systems and sensitive data.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
