
SonicWall has issued an urgent security advisory warning of a critical vulnerability in its SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). Tracked as CVE-2025-23006 and assigned a CVSS score of 9.8, this pre-authentication remote command execution vulnerability could allow attackers to completely compromise affected devices.
The vulnerability stems from “pre-authentication deserialization of untrusted data,” which under certain conditions, can be exploited to execute arbitrary operating system commands. Alarmingly, SonicWall has revealed that this vulnerability may already be under attack. “SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors. We strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability,” the company warns.
This means that threat actors are potentially already aware of the flaw and actively attempting to exploit it to gain unauthorized access to vulnerable systems.
Immediate action is crucial. SonicWall urges all users of SMA1000 appliances running version 12.4.3-02804 (platform-hotfix) and earlier to upgrade to the latest hotfix version (12.4.3-02854 or higher) immediately.
While a fix is available, SonicWall also recommends implementing a temporary workaround to mitigate the risk while upgrades are being deployed: “To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC).”
The vulnerability was discovered and reported by the Microsoft Threat Intelligence Center (MSTIC).
Given the high severity of CVE-2025-23006 and the possibility of active exploitation, organizations using the SMA1000 AMC or CMC are urged to take the following steps:
- Upgrade Immediately: Install version 12.4.3-02854 (platform-hotfix) or later.
- Restrict Access: Limit AMC and CMC access to trusted sources.
- Follow Best Practices: Refer to the SMA1000 Administration Guide for additional security measures.
Related Posts:
- Multiple Vulnerabilities Found in SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client
- SonicWall Issues Urgent Patch for Critical Firewall Vulnerability (CVE-2024-40766)
- Stealthy New Golang Trojan Exploits Fake Certificates for Evasive Communication
- Malware Exploiting IoT Devices on the Rise, SonicWall Warns
- CISA Alerts on Active Exploitation of Flaws in ImageMagick, Linux Kernel, and SonicWall