SonicWall Warns of Critical Zero-Day Vulnerability (CVE-2025-23006) Actively Exploited

Summary:

  • SonicWall warns of a critical zero-day vulnerability (CVE-2025-23006) affecting its Secure Mobile Access (SMA) 1000 Series appliances.
  • The vulnerability allows attackers to execute arbitrary OS commands.
  • Microsoft Threat Intelligence Center (MSTIC) discovered the vulnerability.
  • SonicWall recommends immediate patching and implementing security best practices.
  • In March 2023, Mandiant researchers reported China-linked attackers deploying custom malware on a SonicWall SMA appliance to steal user credentials and gain persistent access.

Details:

  • The vulnerability is a pre-authentication deserialization of untrusted data issue in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC).
  • It has a CVSS score of 9.8, indicating critical severity.
  • Attackers have likely exploited the vulnerability in the wild.
  • SonicWall urges customers to upgrade to Version 12.4.3-02854, which addresses the flaw.
  • Restricting AMC and CMC access to trusted sources and following best practices can further mitigate the risk.
  • In March 2023, researchers reported a separate incident involving China-linked attackers exploiting a SonicWall SMA appliance using custom malware.

Actionable Steps:

  • Update affected devices to Version 12.4.3-02854 immediately.
  • Restrict access to AMC and CMC to trusted sources.
  • Follow SonicWall’s security best practices for the SMA1000 series.
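
An inventory check for the first two steps above, added here as an example and not SonicWall's own tooling: it flags appliances whose firmware is below the fixed version and whose AMC/CMC allow-list reaches outside a set of trusted management networks. The inventory layout, the function names, the sample data and the reading of the version string as major.minor.patch-build are assumptions.

```python
import ipaddress

FIXED = "12.4.3-02854"  # fixed release named in the advisory text above

def parse_version(v):
    """Split 'A.B.C-BUILD' into a comparable tuple of ints (assumed format)."""
    core, _, build = v.strip().partition("-")
    parts = core.split(".")
    if len(parts) != 3 or not build.isdigit() or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in parts) + (int(build),)

def untrusted_sources(allowed, trusted):
    """Return allowed CIDRs that are not fully inside any trusted network."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    bad = []
    for cidr in allowed:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted_nets):
            bad.append(cidr)
    return bad

def triage(inventory, trusted):
    """Map each appliance name to a list of findings (empty list = no action)."""
    report = {}
    for dev in inventory:
        findings = []
        try:
            # Assumption: any version that sorts below FIXED needs the upgrade.
            if parse_version(dev["version"]) < parse_version(FIXED):
                findings.append(f"upgrade to {FIXED}")
        except ValueError as exc:
            findings.append(f"check manually: {exc}")
        bad = untrusted_sources(dev["mgmt_allowed"], trusted)
        if bad:
            findings.append("restrict AMC/CMC access: " + ", ".join(bad))
        report[dev["name"]] = findings
    return report

# Constructed sample inventory and trusted management networks (not real data).
TRUSTED = ["10.20.0.0/24", "192.0.2.16/28"]
INVENTORY = [
    {"name": "sma-a", "version": "12.4.3-02000", "mgmt_allowed": ["0.0.0.0/0"]},
    {"name": "sma-b", "version": "12.4.3-02854", "mgmt_allowed": ["10.20.0.0/25"]},
    {"name": "sma-c", "version": "12.4.2-01000", "mgmt_allowed": ["10.20.0.5/32", "203.0.113.0/24"]},
    {"name": "sma-d", "version": "unknown", "mgmt_allowed": ["192.0.2.20/32"]},
]

if __name__ == "__main__":
    for name, findings in triage(INVENTORY, TRUSTED).items():
        print(name, "->", findings or ["ok"])
```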