SonicWall Security Flaw: Zero-Day Vulnerability Exploited in the Wild
Date: January 23, 2025
Author: Ravie Lakshmanan
Tags: Vulnerability / Network Security
SonicWall has alerted customers to a critical security flaw in its Secure Mobile Access (SMA) 1000 Series appliances, which it claims has been exploited in the wild as a zero-day vulnerability. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.
Vulnerability Details
The flaw, described as a pre-authentication deserialization of untrusted data, has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). Under specific conditions, it could enable a remote unauthenticated attacker to execute arbitrary OS commands.
SonicWall has released an advisory detailing the vulnerability and its impact on the SMA 1000 Series appliances. The company has also released a patch, version 12.4.3-02854 (platform-hotfix), to address the flaw.
Affected Products
The vulnerability does not affect SonicWall’s Firewall and SMA 100 series products. However, customers of the SMA 1000 Series appliances are advised to apply the fixes as soon as possible to prevent potential attack attempts.
Exploitation and Mitigation
SonicWall has been notified of "possible active exploitation" by unspecified threat actors. To minimize the potential impact of the vulnerability, customers are advised to restrict access to the Appliance Management Console (AMC) and Central Management Console (CMC) to trusted sources.
Discovery and Credits
The Microsoft Threat Intelligence Center (MSTIC) has been credited with discovering and reporting the security shortcoming.
Additional Resources
For more information on the vulnerability and its impact, customers can refer to SonicWall’s advisory on their website.