Severity: Critical — CVSS Score: 9.8/10
Date Released: 2025-01-23
Overview
SonicWall has issued a security advisory regarding a critical vulnerability (CVE-2025-23006) in its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability is a zero-day that has likely been actively exploited in the wild. Customers are urged to take immediate action to mitigate the risk.
This flaw does not affect SonicWall's Firewall or SMA 100 Series products. Instead, it specifically impacts the Appliance Management Console (AMC) and Central Management Console (CMC) components of the SMA 1000 Series.
Vulnerability Details
- CVE ID: CVE-2025-23006
- Impact: Remote Code Execution (RCE)
- Description: A pre-authentication deserialization of untrusted data vulnerability exists in the AMC and CMC of the SMA 1000 Series appliances. Under specific conditions, an unauthenticated remote attacker could exploit this flaw to execute arbitrary OS commands, potentially compromising the affected device and broader network.
- CVSS Score: 9.8 (Critical)
Affected Products
SMA 1000 Series Appliances:
- Appliance Management Console (AMC)
- Central Management Console (CMC)
Products Not Affected:
- SonicWall Firewalls
- SMA 100 Series Appliances
Mitigation and Required Actions
Patch Availability
SonicWall has released a fix for the flaw in SMA 1000 Series firmware version 12.4.3-02854 (platform-hotfix). It is essential to apply this patch immediately to secure your system from potential exploitation.
Recommended Actions:
- Apply the Security Patch: Update your SMA 1000 series appliances to firmware version 12.4.3-02854 without delay.
- Restrict Access: Limit access to the Appliance Management Console (AMC) and Central Management Console (CMC) to trusted sources only.
- Monitor for Indicators of Compromise: Look for unusual activity or signs that your appliance may have been compromised.
- Stay Updated: Follow SonicWall's advisories for any additional updates or security recommendations.
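To support the patching step above, the following triage sketch is an added example, not SonicWall tooling. It assumes a hypothetical inventory of (host, product, firmware) rows and treats any SMA 1000 build earlier than the fixed version as needing the update, which the advisory text implies but does not state as a range.

```python
import re

FIXED = "12.4.3-02854"  # fixed firmware version stated in the advisory
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if malformed."""
    m = _VERSION.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(inventory):
    """Classify each (host, product, firmware) row against the advisory."""
    fixed = parse_version(FIXED)
    results = {}
    for host, product, firmware in inventory:
        if product != "SMA 1000":
            # Firewalls and SMA 100 Series are listed as not affected.
            results[host] = "not affected"
            continue
        version = parse_version(firmware)
        if version is None:
            # Never treat an unreadable version string as safe.
            results[host] = "check manually"
        elif version < fixed:
            # Assumption: builds earlier than the fixed one lack the fix.
            results[host] = "update required"
        else:
            results[host] = "at or above fixed build"
    return results


# Constructed sample inventory: host names, product labels and every
# version other than FIXED are made up for illustration.
SAMPLE = [
    ("vpn-a", "SMA 1000", "12.4.3-02000"),   # same release, older build
    ("vpn-b", "SMA 1000", "12.4.2-05000"),   # higher build, older release
    ("vpn-c", "SMA 1000", "12.4.10-00001"),  # sorts wrong as a plain string
    ("vpn-d", "SMA 1000", "12.4.3-02854"),
    ("vpn-e", "SMA 1000", "unknown"),
    ("vpn-f", "SMA 100", "10.2.1-00001"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Comparing the parsed tuple avoids two common mistakes: comparing only the build suffix, and comparing version strings lexically.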
Active Exploitation
SonicWall has been informed of possible exploitation in the wild, although specific details of the threat actors or attacks remain undisclosed. The discovery and reporting of this vulnerability have been credited to the Microsoft Threat Intelligence Center (MSTIC).