Security Bulletin: Critical Vulnerability in SonicWall SMA 1000 Series Appliances (CVE-2025-23006)
Severity: Critical - CVSS Score: 9.8/10
Date Released: 2025-01-23

Overview

SonicWall has issued a security advisory regarding a critical vulnerability (CVE-2025-23006) in its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability has been identified as a zero-day that has likely been actively exploited in the wild. Customers are urged to take immediate action to mitigate the risk.

This flaw does not affect SonicWall's Firewall or SMA 100 Series products. Instead, it specifically impacts the Appliance Management Console (AMC) and Central Management Console (CMC) components of the SMA 1000 Series.

Vulnerability Details

CVE ID: CVE-2025-23006
Impact: Remote Code Execution (RCE)
Description: A pre-authentication deserialization of untrusted data vulnerability exists in the AMC and CMC of the SMA 1000 Series appliances. Under specific conditions, an unauthenticated remote attacker could exploit this flaw to execute arbitrary OS commands, potentially compromising the affected device and broader network.
CVSS Score: 9.8 (Critical)

Affected Products

SMA 1000 Series Appliances:
- Appliance Management Console (AMC)
- Central Management Console (CMC)…