SonicWall Critical Vulnerability - 20250128003

Overview

SonicWall has released a security advisory for a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

What is vulnerable

| Product(s) | Affected Version(s) | CVE | CVSS | Severity |
| --- | --- | --- | --- | --- |
| SMA1000 Appliance Management Console (AMC) | Version 12.4.3-02804 (platform-hotfix) and earlier versions | CVE-2025-23006 | 9.8 | Critical |
| Central Management Console (CMC) | Version 12.4.3-02804 (platform-hotfix) and earlier versions | CVE-2025-23006 | 9.8 | Critical |

What has been observed

SonicWall PSIRT has been notified of possible active exploitation in the wild.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):

Additional References