Security News > 2021 > April > SonicWall warns customers to patch 3 zero-days exploited in the wild
Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products.
"In at least one known case, these vulnerabilities have been observed to be exploited 'in the wild,'" SonicWall said in a security advisory published earlier today.
The full list of SonicWall products affected by the three zero-days is available in the table below, together with information on the patched versions and links to security advisories.
SonicWall Hosted Email Security was automatically patched on Monday, April 19th, and no action is needed from customers only using SonicWall's hosted email security product.
SonicWall disclosed in January 2021 that unknown threat actors exploited a zero-day vulnerability in their Secure Mobile Access and NetExtender VPN client products in attacks targeting the company's internal systems.
One month later, SonicWall fixed an actively exploited zero-day vulnerability impacting the SMA 100 series of SonicWall networking devices.
News URL
Related news
- SonicWall urges admins to patch exploitable SSLVPN bug immediately (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)