
WARNING: CRITICAL RCE VULNERABILITY IN SONICWALL SMA1000 APPLIANCE MANAGEMENT CONSOLE IS ACTIVELY EXPLOITED, PATCH IMMEDIATELY!

Reference: Advisory #2025-19
Version: 1.1
Affected software: SonicWall SMA1000 Appliance Management Console < 12.4.3-02854
Type: Pre-authentication Remote Command Execution
CVE/CVSS: CVE-2025-23006: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

SonicWall - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002
SonicWall - https://www.sonicwall.com/support/knowledge-base/product-notice-urgent-security-notification-sma-1000/250120090802840

Risks

CVE-2025-23006 could enable attackers to completely compromise the device by allowing the execution of arbitrary operating system commands.

SonicWall has revealed that this vulnerability might already be exploited by threat actors. Impact is high on all fronts: confidentiality, integrity and availability.

Update (2025-01-27)
SonicWall confirmed the vulnerability is actively exploited by threat actors.

Description

A vulnerability involving pre-authentication deserialization of untrusted data has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC).

Details have not been disclosed yet, as SonicWall has warned that this vulnerability may already be exploited by threat actors. The company strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address this issue.

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

  • Upgrade Immediately: Install version 12.4.3-02854 (platform-hotfix) or later.
  • Restrict Access: Limit AMC and CMC access to trusted sources.
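To find which appliances still need the upgrade, the following added example (not code from the CCB or SonicWall) compares reported versions against the fixed release 12.4.3-02854. It assumes versions follow the `major.minor.patch-build` form used in this advisory; the hostnames and inventory values are constructed.

```python
import re

# Fixed release named in the advisory (platform-hotfix).
FIXED_VERSION = "12.4.3-02854"

# Assumption: versions look like "major.minor.patch-build", as in the advisory.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if malformed."""
    m = _VERSION_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text, fixed=FIXED_VERSION):
    """Classify one reported version against the fixed release."""
    parsed = parse_version(version_text)
    if parsed is None:
        # Never treat an unreadable version as safe; flag it for manual review.
        return "unknown"
    # Integer tuples compare field by field, so build 02854 vs 2855 works.
    return "patched" if parsed >= parse_version(fixed) else "vulnerable"


def triage(inventory):
    """Group hosts from {host: version} by status, each list sorted."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        result[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "sma-amc-01.example.internal": "12.4.3-02804",
    "sma-amc-02.example.internal": "12.4.3-02854",
    "sma-cmc-01.example.internal": "12.4.2-05082",
    "sma-amc-03.example.internal": "12.5.0-00012",
    "sma-amc-04.example.internal": "unknown (SNMP timeout)",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        for host in hosts:
            print(f"{status:10} {host} {SAMPLE_INVENTORY[host]}")
```

A "patched" result reflects only the version currently running; it says nothing about whether the appliance was compromised before the upgrade.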

Monitor/Detect

The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Security Online - https://securityonline.info/cve-2025-23006-sonicwall-warns-of-active-exploits/