SonicWall Warns of Potentially Exploited Critical Flaw
The critical flaw (CVE-2025-23006) has been identified in the SMA1000 Appliance Management Console and Central Management Console

SonicWall is warning customers of a critical vulnerability in its Secure Mobile Access (SMA) line. The company in a Wednesday security advisory said it had received reports that threat actors may be targeting the remote command execution flaw.
Key Details:
- The critical flaw (CVE-2025-23006) has been identified in the SMA1000 Appliance Management Console and Central Management Console.
- The issue is a pre-authentication deserialization of untrusted data vulnerability, which ranks 9.8 out of 10 on the CVSS scale. The flaw “in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands,” said SonicWall.
- SonicWall said its product security incident response team (PSIRT) has been notified of possible active exploitation of the flaw by threat actors.
The Background: SonicWall did not provide further details of the reported exploitation. The company credited Microsoft’s Threat Intelligence Center with reporting the flaw.
Vendor Response: Versions 12.4.3-02804 (platform-hotfix) and earlier are impacted, and SonicWall has released a hotfix in version 12.4.3-02854 and higher versions. SonicWall Firewall and SMA 100 series products are not impacted, it said.
The Big Picture: CVE-2025-23006 is the latest vulnerability to be patched by SonicWall. The company issued a security advisory earlier in January for a number of flaws impacting its SonicOS, including a flaw (CVE-2024-53704) impacting the SSL VPN component of SonicWall firewalls.
What To Do: The company is urging customers to apply the hotfix as soon as possible. In its own advisory, the National Cyber Security Centre “strongly recommends installing updates for vulnerable systems with the highest priority, after thorough testing.”
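To prioritise patching across a fleet, the version thresholds quoted under Vendor Response can be turned into a triage check. The following is an added example, not SonicWall's or the article's code; the inventory rows, hostnames, product labels and the `major.minor.patch-build` string format are assumptions, and builds that fall between the two quoted versions are flagged for manual review because the article does not state their status.

```python
import re

# Thresholds as quoted in the article for CVE-2025-23006.
LAST_AFFECTED = (12, 4, 3, 2804)  # 12.4.3-02804 and earlier are impacted
FIRST_FIXED = (12, 4, 3, 2854)    # hotfix 12.4.3-02854 and higher
# "major.minor.patch-build", optionally followed by a label such as "(platform-hotfix)".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)(?:\s*\([^)]*\))?\s*$")

def parse_version(text):
    """Turn a version string into a tuple of ints that compares numerically."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(product, version_text):
    """Classify one appliance against the thresholds above."""
    if product.replace(" ", "").upper() != "SMA1000":
        return "out-of-scope"  # this check only covers the SMA1000 line
    try:
        version = parse_version(version_text)
    except ValueError:
        return "check-manually"  # version string not in the assumed format
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "check-manually"  # build between the two thresholds: article does not say

def triage(inventory):
    """Group hostnames by status; inventory rows are (hostname, product, version)."""
    report = {}
    for hostname, product, version_text in inventory:
        report.setdefault(classify(product, version_text), []).append(hostname)
    return report

# Constructed sample inventory (hostnames, labels and versions are made up).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "SMA1000", "12.4.3-02804 (platform-hotfix)"),
    ("vpn-edge-02", "SMA1000", "12.4.3-02854"),
    ("vpn-edge-03", "SMA1000", "12.4.2-05082"),
    ("vpn-lab-01", "SMA1000", "12.4.3-02830"),
    ("vpn-branch-01", "SMA 100", "10.2.1.13-72sv"),
    ("vpn-edge-04", "SMA1000", "unknown"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```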