SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

2025-01-23 10:24
SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. "Pre-authentication deserialization of untrusted data vulnerability has been identified in the
News URL
https://thehackernews.com/2025/01/sonicwall-urges-immediate-patch-for.html
Related news
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
- SonicWall urges admins to patch exploitable SSLVPN bug immediately
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
- SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)
- Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-23 | CVE-2025-23006 | Unspecified vulnerability in SonicWall products: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. | 9.8 |