
SonicWall has issued a security advisory disclosing three newly identified vulnerabilities in its NetExtender Windows client, a popular VPN tool used by organizations for secure remote access to internal networks.
SonicWall outlined three distinct vulnerabilities affecting NetExtender for Windows versions 10.3.1 and earlier:
- CVE-2025-23008 — Improper Privilege Management (CVSS 7.2)
This high-severity flaw allows a low-privileged attacker to modify critical configurations on the client machine. This could be used to re-route VPN connections or weaken security settings, undermining the integrity of secure access mechanisms.
- CVE-2025-23009 — Local Privilege Escalation via Arbitrary File Deletion (CVSS 5.9)
A classic privilege escalation vector, this vulnerability allows attackers to delete arbitrary files on the system, potentially triggering elevation of privileges or disruption of services. If exploited, this bug could be chained with other vulnerabilities or used to delete log files, security policies, or other sensitive configurations.
- CVE-2025-23010 — Link Following File Access Issue (CVSS 6.5)
This flaw stems from improper handling of symbolic links (symlinks), which attackers can manipulate to redirect file operations to unintended or unauthorized locations. This could allow tampering with system files or redirecting VPN credential handling to attacker-controlled paths.
Affected:
- NetExtender Windows (32 and 64 bit): Version 10.3.1 and earlier
Fixed in:
- NetExtender Windows (32 and 64 bit): Version 10.3.2 and later
While there is no evidence of active exploitation, the company warns that attackers could exploit these flaws for unauthorized configuration changes, privilege escalation, or file path manipulation.
“SonicWall strongly advises users of the NetExtender Windows (32 and 64 bit) client to upgrade to the mentioned fixed release version to address these vulnerabilities,” the advisory states.
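Since the only remediation is the version bump to 10.3.2, an inventory check that reads the installed NetExtender version from the standard Windows Uninstall registry keys is the practical follow-up. This is an added example, not code from SonicWall or the advisory; the `*NetExtender*` DisplayName filter is an assumption about how the client registers itself, so confirm it against `Get-ItemProperty` output on one host before rolling it out.

```powershell
# Added example (not from the SonicWall advisory): enumerate installed programs from the
# standard Windows Uninstall registry keys and flag NetExtender builds below the fixed
# release 10.3.2. The DisplayName filter "*NetExtender*" is an assumption about how the
# client registers itself; adjust it to what Get-ItemProperty shows on your hosts.

$FixedVersion = [version]'10.3.2'

# Both the native and the 32-bit (WOW6432Node) uninstall hives, since the advisory covers
# the 32- and 64-bit builds of the client.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-NetExtenderStatus {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*NetExtender*' } |
        ForEach-Object {
            # DisplayVersion may carry extra characters or a build suffix; keep only
            # digits and dots, then let [version]::TryParse decide whether it is usable.
            $raw    = [string]$_.DisplayVersion
            $clean  = ($raw -replace '[^0-9.]', '').Trim('.')
            $parsed = $null
            $ok     = [version]::TryParse($clean, [ref]$parsed)
            [pscustomobject]@{
                Name       = $_.DisplayName
                Version    = $raw
                # $true when below 10.3.2 (affected), $false when fixed, 'unknown' if unparsable
                Vulnerable = $(if ($ok) { $parsed -lt $FixedVersion } else { 'unknown' })
            }
        }
}

$results = Get-NetExtenderStatus
if (-not $results) {
    Write-Output 'NetExtender not found in the Uninstall registry keys on this host.'
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit so fleet tooling (Intune, SCCM, RMM scripts) can collect affected hosts.
    if ($results | Where-Object { $_.Vulnerable -eq $true }) { exit 1 }
}
```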