SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows client.
These vulnerabilities, identified via several Common Vulnerabilities and Exposures (CVEs), could allow malicious actors to exploit privilege management flaws, trigger local privilege escalation, or manipulate file paths.
Users are urged to update their software immediately to mitigate potential risks.
.png
)
Overview of Vulnerabilities
| CVE ID | Description | CVSS Score | CWE |
| CVE-2025-23008 | Improper privilege management vulnerability allowing low-privileged attackers to modify configuration settings. | 7.2 | CWE-250: Execution with Unnecessary Privileges |
| CVE-2025-23009 | Local privilege escalation vulnerability enabling arbitrary file deletion by attackers. | 5.9 | CWE-250: Execution with Unnecessary Privileges |
| CVE-2025-23010 | Improper link resolution vulnerability allowing manipulation of file paths before file access. | 6.5 | CWE-59: Improper Link Resolution Before File Access |
Detailed Information
1. CVE-2025-23008
An improper privilege management vulnerability was identified in SonicWall NetExtender Windows clients (32-bit and 64-bit). This flaw permits low-privileged attackers to access and alter configurations, potentially compromising system security.
- CVSS Score: 7.2
- Impact: High (Confidentiality, Integrity, and Availability at risk)
2. CVE-2025-23009
This vulnerability allows attackers to perform local privilege escalation, triggering arbitrary file deletion in affected NetExtender versions. Exploitation requires local access and low complexity.
- CVSS Score: 5.9
- Impact: High (Integrity at risk)
3. CVE-2025-23010
An improper link resolution vulnerability enables attackers to manipulate file paths before access, potentially causing system disruption.
- CVSS Score: 6.5
- Impact: High (Availability at risk)
Affected Products
| Product | Version(s) Affected | Fixed Version(s) |
| NetExtender Windows (32/64 bit) | Version 10.3.1 and earlier | Version 10.3.2 and higher |
SonicWall strongly advises users to upgrade their NetExtender Windows client to version 10.3.2 or higher to address these vulnerabilities. The company has confirmed that no evidence of exploitation in the wild has been observed.
To ensure the security of your systems, follow these steps:
- Download the latest patched version of SonicWall NetExtender from the official website.
- Implement regular patch management practices to prevent exploitation of known vulnerabilities.
- Monitor for unusual activity in your systems as a precautionary measure.
By acting promptly, users can mitigate risks and ensure their systems remain secure against these vulnerabilities.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
