Saturday, February 8, 2025

SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks


A critical vulnerability in SonicWall’s SMA1000 series, tracked as CVE-2025-23006, has come under active exploitation by threat actors.

SonicWall’s PSIRT (Product Security Incident Response Team) has issued an urgent advisory urging users to update their systems immediately to mitigate risks.

Details of CVE-2025-23006

The vulnerability, which scores an alarming 9.8/10 on the CVSS v3 severity scale, stems from a pre-authentication deserialization of untrusted data flaw.

This flaw resides in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC).


In specific conditions, it can allow remote, unauthenticated attackers to execute arbitrary operating system commands.

Attackers exploiting this vulnerability could gain complete control over affected systems, leading to a potentially catastrophic compromise of confidentiality, integrity, and availability.

Affected Products

The vulnerability impacts SMA1000 series appliances running version 12.4.3-02804 or earlier. Notably, the SonicWall Firewall and the SMA 100 series are not affected by this issue.

The vulnerability has attracted attention due to its active exploitation by malicious actors in the wild. Microsoft Threat Intelligence Center (MSTIC) is credited for identifying this exploitation activity.

SonicWall strongly recommends that users upgrade to the fixed version of the SMA1000 platform, 12.4.3-02854 or higher, to eliminate the risk.
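The affected and fixed build numbers above are the two facts a defender needs to triage an appliance inventory. The following script is an added example, not code from SonicWall or from the article, that parses SMA1000-style version strings and classifies each appliance against the advisory's bounds (12.4.3-02804 or earlier affected, 12.4.3-02854 or higher fixed). The host names and the version strings other than the two advisory bounds are constructed sample data; the "unknown" bucket is a design choice for builds that fall between the two bounds, which the advisory text does not describe.

```python
import re
from typing import Dict, List, Tuple

# Version bounds quoted in the SonicWall advisory (SNWLID-2025-0002) as reported above.
AFFECTED_MAX = "12.4.3-02804"   # this build and earlier are vulnerable
FIXED_MIN = "12.4.3-02854"      # this build and later carry the fix

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(s: str) -> Tuple[int, int, int, int]:
    """Turn '12.4.3-02804' into (12, 4, 3, 2804) so versions compare numerically.

    A plain string comparison would rank '12.4.3-...' above '12.4.10-...'
    because '3' > '1' as text, so every field is converted to an int first.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised SMA1000 version string: {s!r}")
    major, minor, patch, build = (int(g) for g in m.groups())
    return (major, minor, patch, build)


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for one appliance version."""
    v = parse_version(version)
    if v <= parse_version(AFFECTED_MAX):
        return "vulnerable"
    if v >= parse_version(FIXED_MIN):
        return "fixed"
    # Builds strictly between the two advisory bounds are not described by the
    # advisory; flag them for manual confirmation instead of assuming safety.
    return "unknown"


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group (hostname, version) pairs by classification."""
    out: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        out[classify(version)].append(host)
    return out


# Constructed sample inventory (hostnames and most versions are made up for
# illustration; only 12.4.3-02804 and 12.4.3-02854 come from the advisory).
SAMPLE_INVENTORY = [
    ("sma-hq-01", "12.4.3-02804"),   # exactly the last affected build
    ("sma-hq-02", "12.4.1-00100"),   # older branch, still affected
    ("sma-dc-01", "12.4.3-02854"),   # exactly the first fixed build
    ("sma-dc-02", "12.4.3-02820"),   # between the bounds: needs confirmation
    ("sma-lab-01", "12.4.10-00001"), # numerically newer than 12.4.3
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

Feed `triage()` the hostname/version pairs exported from your asset inventory; anything landing in "vulnerable" or "unknown" should be patched or manually verified before relying on the workarounds below.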

While patching remains the recommended mitigation, SonicWall has advised the following workarounds to minimize exposure:

  1. Restrict access to the Appliance Management Console (AMC) and Central Management Console (CMC) to only trusted sources.
  2. Follow best practices for securing the SMA1000 appliance as outlined in the SMA1000 Administration Guide.

Users are urged to download and apply the relevant hotfix as soon as possible. The fixed software version is available from SonicWall’s official support page.

Additionally, organizations should monitor for unusual activity on their networks, as the vulnerability has been actively exploited.

SonicWall’s complete advisory on this issue, including detailed mitigation steps, can be found on their website under the advisory ID SNWLID-2025-0002.

As cyberattacks exploiting this type of vulnerability can escalate quickly, immediate action is critical to safeguarding systems and sensitive data.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
