FlagThis

A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall’s SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). This flaw, classified under CWE-502 (Deserialization of Untrusted Data), carries a severity score of 9.8 (Critical), indicating its potential for a devastating impact. SonicWall has confirmed active exploitation of this vulnerability by malicious actors, allowing them to execute arbitrary OS commands on affected appliances. The vulnerability stems from the improper handling of data during deserialization processes. This flaw can be exploited by attackers to inject malicious code into the targeted appliances, ultimately leading to complete system compromise. SonicWall has issued an urgent security advisory and released a patch for this vulnerability. The company strongly urges users to update their SMA1000 appliances immediately.

ImgSrc: blogger.googleusercontent.com

References:

• @screaminggoat - SonicWall exploited zero-day : CVE-2025-23006 ( 9.8 critical ) Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) - 6d
• Vulnerability Archives ? Cybersecurity News - CVE-2025-23006 (CVSS 9.8): SonicWall Warns of Active Exploits, Issues Urgent Update for SMA1000 Users - 6d
• BleepingComputer - SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks - 6d
• gbhackers.com - SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks - 6d
• @BleepingComputer - SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks - 6d
• securityonline.info - SonicWall has issued an urgent security advisory warning of a critical vulnerability in its SMA1000 Appliance Management Console - 6d
• www.bleepingcomputer.com - SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks - 6d
• www.heise.de - Security appliance: Attackers hijack SonicWall devices with system commands The vulnerability is already being used by malicious users, according to the manufacturer. Anyone using the affected applian - 6d
• @heiseonlineenglish - Security appliance: Attackers hijack SonicWall devices with system commands The vulnerability is already being used by malicious users, according to the manufacturer. Anyone using the affected applian - 5d
• @screaminggoat - CISA : Hot off the press! ( 9.8 critical ) SonicWall SMA1000 Appliances Deserialization Vulnerability. See parent toot above for the security advisory. - 5d
• - SonicWall: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) - 5d
• Security Archives - Security Affairs - U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog - 4d
• @BleepingComputer - SonicWall SMA1000 Appliance Management Console flaw - 4d
• @jos1264 - U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com - 4d
• The Hacker News - SonicWall urges immediate patch for critical CVE-2025-23006 flaw amid likely exploitation - 4d
• ciso2ciso.com - U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com - 4d
• @AAKL - CISA has updated the KEV Catalogue. - CVE-2025-23006: SonicWall SMA1000 Appliances Deserialization Vulnerability - 4d
• Tenable Blog - Tenable: CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Reportedly Exploited - 4d
• ciso2ciso.com - SonicWall is warning customers of a critical vulnerability that was potentially already exploited as a zero-day. The bug affects SonicWall’s Secure Mobile Access (SMA) line, specifically the SM - 3d
• @theregister - SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix Big organizations and governments are main users of these gateways SonicWall is warning customers of a critical vulnerabilit - 3d
• CISO2CISO.COM & CYBER SECURITY GROUP - SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix – Source: go.theregister.com - 3d
• www.helpnetsecurity.com - 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) - 2d
• Chemical Facility Security News - CISA Adds SonicWall Vulnerability to KEV Catalog – 1-24-25 - 2d
• Help Net Security - 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) - 2d

Classification:

• HashTags: SonicWall CVE-2025-23006 SecurityAppliance
• Company: SonicWall
• Target: SonicWall SMA1000 Appliances
• Product: SMA1000 Appliance
• Feature: Deserialization of Untrusted D
• Type: Vulnerability
• Severity: Critical