SonicWall Secure Mobile Access (SMA) 1000 Series appliances have reportedly been targeted in the wild with a zero-day. The vulnerability, tracked as CVE-2025-23006, carries a score of 9.8 out of a maximum of 10.0 on the CVSS scoring system.
SonicWall is urging its customers to apply the patch immediately and has issued an advisory stating, “Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands”. The flaw does not affect SonicWall's Firewall and SMA 100 series products, and it has been addressed in version 12.4.3-02854 (platform-hotfix).
The company has credited the Microsoft Threat Intelligence Center (MSTIC) for identifying and reporting the security flaw. SonicWall also stated that it is aware of “possible active exploitation” by anonymous malicious actors, so customers should apply the fixes as soon as possible to prevent potential attack attempts. Customers are also advised to restrict access to the Appliance Management Console (AMC) and Central Management Console (CMC) to trusted sources.
The advised actions for SonicWall customers are:
- Upgrade Software: Install version 12.4.3-02854 or higher without delay.
- Restrict Access: Allow AMC and CMC access only to trusted IP addresses.
- Monitor Systems: Deploy network monitoring tools to detect unusual activity.
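
The first two actions can be checked across a fleet with a short script. The following is an added example, not SonicWall's code: it assumes version strings follow the `12.4.3-02854` pattern shown above, and the inventory layout, hostnames, and address ranges are constructed for illustration.

```python
import ipaddress
import re

FIXED = (12, 4, 3, 2854)  # 12.4.3-02854, the fixed release named in the advisory
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\b")  # assumed version format

def parse_version(text):
    """Return (major, minor, patch, build), or None if the string is unparseable."""
    m = VERSION_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def untrusted_sources(allowed, trusted):
    """Return allowed management sources that fall outside every trusted network."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    bad = []
    for entry in allowed:
        net = ipaddress.ip_network(entry, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted_nets):
            bad.append(entry)
    return bad

def triage(inventory, trusted):
    """Map each appliance that needs attention to its list of open actions."""
    findings = {}
    for host, info in inventory.items():
        issues = []
        v = parse_version(info["version"])
        if v is None:
            issues.append("version unreadable, verify manually")
        elif v < FIXED:  # numeric compare, so build 02854 > 02853
            issues.append("upgrade to 12.4.3-02854 or higher")
        exposed = untrusted_sources(info["mgmt_allowed"], trusted)
        if exposed:
            issues.append("AMC/CMC reachable from: " + ", ".join(exposed))
        if issues:
            findings[host] = issues
    return findings

# Constructed sample inventory (hostnames, versions and ranges are made up).
TRUSTED = ["10.20.0.0/24"]
INVENTORY = {
    "sma-a": {"version": "12.4.2-01000", "mgmt_allowed": ["0.0.0.0/0"]},
    "sma-b": {"version": "12.4.3-02854 (platform-hotfix)", "mgmt_allowed": ["10.20.0.0/28"]},
    "sma-c": {"version": "unknown", "mgmt_allowed": ["10.20.0.5/32", "192.0.2.0/24"]},
}

if __name__ == "__main__":
    for host, issues in triage(INVENTORY, TRUSTED).items():
        print(host, "->", "; ".join(issues))
```

An appliance with an unreadable version string is reported rather than assumed patched, so gaps in the inventory surface as work items.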