SecurityWeek

SonicWall Learns From Microsoft About Potentially Exploited Zero-Day

SonicWall has credited Microsoft for reporting CVE-2025-23006, a critical remote command execution vulnerability possibly exploited in the wild.

SonicWall on Wednesday credited Microsoft for reporting a critical remote command execution vulnerability that may have been exploited in the wild.

The zero-day, tracked as CVE-2025-23006, has been described by SonicWall as an untrusted data deserialization issue that impacts its Secure Mobile Access (SMA) 1000 series products, specifically the Appliance Management Console (AMC) and Central Management Console (CMC) administration tools.

A remote, unauthenticated attacker can exploit the vulnerability — under specific conditions — to execute arbitrary OS commands. 

“SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors,” the vendor highlighted in its advisory. 

The vulnerability affects version 12.4.3-02804 (platform-hotfix) and earlier, and it has been fixed with the release of version 12.4.3-02854 (platform-hotfix), which SMA1000 customers are strongly urged to install as soon as possible. 

The vendor pointed out that Firewall and SMA 100 series products are not impacted.

The Microsoft Threat Intelligence Center (MSTIC) has been credited for reporting the vulnerability to SonicWall, but the tech giant’s threat intel unit does not appear to have published any information on the attacks that could involve exploitation of CVE-2025-23006.

SecurityWeek has reached out to Microsoft and will update this article if the company shares any information. 

It’s not uncommon for threat actors to exploit SonicWall product vulnerabilities in their attacks. 

The Known Exploited Vulnerabilities (KEV) catalog maintained by the cybersecurity agency CISA currently contains 10 SonicWall flaws, and the list does not include CVE-2025-23006.  

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
