SonicWall SMA1000 Vulnerability Added to CISA’s Known Exploited Vulnerabilities Catalog
January 24, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a known vulnerability in SonicWall's SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2025-23006, was recently disclosed by SonicWall, which warned its customers of its critical nature. The flaw, which has a CVSS score of 9.8, affects SonicWall's Secure Mobile Access (SMA) 1000 Series appliances. Notably, it is a pre-authentication deserialization of untrusted data issue that has likely already been exploited in the wild as a zero-day.
The company's advisory states, “Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.” SonicWall has also received reports of potential exploitation of this vulnerability by unknown threat actors. The company strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability.
This flaw affects version 12.4.3-02804 (platform-hotfix) and earlier versions. SonicWall is urging its customers to remediate the vulnerability as soon as possible. To address the flaw, the company has released version 12.4.3-02854. The Microsoft Threat Intelligence Center (MSTIC) was the first to discover the vulnerability. However, SonicWall has not released any details about the attacks that exploited the flaw as a zero-day, or about the attackers' motivations.
Experts recommend limiting AMC and CMC access to trusted sources and adhering to the SMA1000 Administration Guide’s best practices to minimize the impact of the vulnerability. As per the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies are required to address the identified vulnerabilities by the due date to safeguard their networks against attacks that exploit the flaws in the catalog. Private organizations are also advised to review the Catalog and address the vulnerabilities in their infrastructure. CISA has set a deadline of February 13, 2025, for federal agencies to fix this vulnerability.
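For defenders with several SMA1000 appliances, the first practical step is checking each reported firmware version against the two numbers in the advisory. The following is an added triage helper, not SonicWall's or CISA's code; it assumes SMA1000 versions follow the `major.minor.patch-build` shape seen in the article and that build numbers compare numerically, and the inventory it runs over is constructed for illustration.

```python
import re

# Version boundaries taken from the SonicWall advisory quoted above.
LAST_AFFECTED = "12.4.3-02804"   # platform-hotfix and all earlier builds are affected
FIXED_VERSION = "12.4.3-02854"   # hotfix release that addresses CVE-2025-23006

# Assumed version shape: major.minor.patch-build (e.g. 12.4.3-02804).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text: str) -> tuple:
    """Turn an SMA1000 version string into a comparable tuple of ints."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SMA1000 version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version: str) -> str:
    """Classify one appliance version relative to the advisory's boundaries."""
    v = parse_version(version)
    if v <= parse_version(LAST_AFFECTED):
        return "affected"
    if v >= parse_version(FIXED_VERSION):
        return "patched"
    # A build between the last affected and the fixed release is not named
    # by the advisory; treat it conservatively and confirm with the vendor.
    return "review"


def triage(inventory: dict) -> dict:
    """Map each appliance to a status; versions that do not parse are 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "sma-hq-1": "12.4.3-02804",
        "sma-hq-2": "12.4.3-02854",
        "sma-dr-1": "12.4.2-02500",
        "sma-lab-1": "n/a",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Anything reported as "affected" or "review" should be upgraded to the hotfix release, and management-console exposure on those hosts reviewed in the meantime.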