SonicWall Patches Multiple Vulnerabilities in NetExtender Windows Client

SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows client.

These vulnerabilities, identified via several Common Vulnerabilities and Exposures (CVEs), could allow malicious actors to exploit privilege management flaws, trigger local privilege escalation, or manipulate file paths.

Users are urged to update their software immediately to mitigate potential risks.

Overview of Vulnerabilities

CVE ID	Description	CVSS Score	CWE
CVE-2025-23008	Improper privilege management vulnerability allowing low-privileged attackers to modify configuration settings.	7.2	CWE-250: Execution with Unnecessary Privileges
CVE-2025-23009	Local privilege escalation vulnerability enabling arbitrary file deletion by attackers.	5.9	CWE-250: Execution with Unnecessary Privileges
CVE-2025-23010	Improper link resolution vulnerability allowing manipulation of file paths before file access.	6.5	CWE-59: Improper Link Resolution Before File Access

Detailed Information

1. CVE-2025-23008

An improper privilege management vulnerability was identified in SonicWall NetExtender Windows clients (32-bit and 64-bit). This flaw permits low-privileged attackers to access and alter configurations, potentially compromising system security.

• CVSS Score: 7.2
• Impact: High (Confidentiality, Integrity, and Availability at risk)

2. CVE-2025-23009

This vulnerability allows attackers to perform local privilege escalation, triggering arbitrary file deletion in affected NetExtender versions. Exploitation requires local access and low complexity.

• CVSS Score: 5.9
• Impact: High (Integrity at risk)

3. CVE-2025-23010

An improper link resolution vulnerability enables attackers to manipulate file paths before access, potentially causing system disruption.

• CVSS Score: 6.5
• Impact: High (Availability at risk)

Affected Products

Product	Version(s) Affected	Fixed Version(s)
NetExtender Windows (32/64 bit)	Version 10.3.1 and earlier	Version 10.3.2 and higher

SonicWall strongly advises users to upgrade their NetExtender Windows client to version 10.3.2 or higher to address these vulnerabilities. The company has confirmed that no evidence of exploitation in the wild has been observed.

To ensure the security of your systems, follow these steps:

1. Download the latest patched version of SonicWall NetExtender from the official website.
2. Implement regular patch management practices to prevent exploitation of known vulnerabilities.
3. Monitor for unusual activity in your systems as a precautionary measure.

By acting promptly, users can mitigate risks and ensure their systems remain secure against these vulnerabilities.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!