Bronnen

SonicWall - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002
SonicWall - https://www.sonicwall.com/support/knowledge-base/product-notice-urgent-security-notification-sma-1000/250120090802840

Risico’s

CVE-2025-23006 could enable attackers to completely compromise the device by allowing the execution of arbitrary operating system commands.

SonicWall has revealed that this vulnerability might already be exploited by threat actors. Impact is high on all fronts: confidentiality, integrity and availability.

Update (2025-01-27)
SonicWall confirmed the vulnerability is actively exploited by threat actors.

Aanbevolen acties

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

• Upgrade Immediately: Install version 12.4.3-02854 (platform-hotfix) or later.
• Restrict Access: Limit AMC and CMC access to trusted sources.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

Referenties

Security Online - https://securityonline.info/cve-2025-23006-sonicwall-warns-of-active-exploits/