🔴 CVE-2025-23006

Critical pre-authentication deserialization vulnerability in SonicWall SMA1000 remote access appliances that allows unauthenticated remote attackers to execute arbitrary OS commands. This vulnerability is actively being exploited in the wild according to CISA KEV.

Risk Level: HIGH_RISK

CVSS Score: 9.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: VERY_HIGH

Ransomware: Yes (+496d)

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-01-23

Added to CISA KEV: 2025-01-24 (1 day between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-23006 is a critical security vulnerability affecting SonicWall's Secure Mobile Access (SMA) 1000 series appliances [2] [1]. Below is a summary of the known details regarding this flaw.

Vulnerability Overview
  • Description: The vulnerability is a pre-authentication deserialization of untrusted data flaw located in the Appliance Management Console (AMC) and Central Management Console (CMC) of the SMA 1000 series [1].
  • Severity: It carries a CVSS v3.1 base score of 9.8 (Critical) [3] [5].

Exploitation and Impact
  • Active Exploitation: The vulnerability was reported as being actively exploited in the wild as a zero-day shortly after its discovery in January 2025 [2] [3]. It was subsequently added to the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
  • Attack Method: It is a network-based attack that requires no user interaction and has low attack complexity [3].
  • Impact: Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary OS commands on the appliance [1] [5]. This grants the attacker full control over the device, leading to significant risks to confidentiality, integrity, and availability [3] [6].
  • Chained Attacks: There is evidence that this vulnerability has been used in chained attacks with other vulnerabilities, such as CVE-2025-40602, to bypass authentication or enhance the impact of the exploit [4].

Affected Versions and Mitigation
  • Affected Products: SonicWall SMA 1000 series appliances, specifically the Appliance Management Console (AMC) and Central Management Console (CMC) [1].
  • Affected Versions: Versions 12.4.3-02804 (platform-hotfix) and earlier are impacted [2] [6].
  • Status: SonicWall released security updates to address this vulnerability in January 2025 [5]. Organizations using these appliances are advised to ensure they are running the patched versions to mitigate the risk of exploitation.

Sources

  1. CVE-2025-23006 Detail - NVD

    Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management ... CVE-2025-23006 Detail. Description. Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA100…

  2. CVE-2025-23006: Critical Vulnerability Discovered in SonicWall ...

    This vulnerability has a CVSS score of 9.8 and has been reported as being actively exploited in the wild as a zero-day vulnerability. It impacts Appliance ... A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall’s Secure Mobile Access (SMA) 1000 series appliances. Th…

  3. CVE-2025-23006 - Exploits & Severity - Feedly

    CVE-2025-23006 is a critical vulnerability in SonicWall's Secure Mobile Access (SMA) 1000 product line, with a CVSS score of 9.8, allowing remote unauthenticated attackers to execute arbitrary OS commands, posing significant risks to confidentiality, integrity, and availability. ... The vulnerabilit…

  4. CVE-2025-40602 - Exploits & Severity - Feedly

    Feedly estimated the CVSS as HIGH based on the CVE details, attack complexity, and exploit information. Learn more. Dec 17, 2025 at 10:31 PM. While on its own, this flaw would require authentication in order to exploit, the advisory from SonicWall states that CVE-2025-40602 has been exploited in a ch…

  5. Exploitation of Critical Vulnerability CVE-2025-23006 in SonicWall ...

    SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. ... SonicWall Secure Mobile Access (SMA) 1000 Series Threat details Exploitation of CVE-2025-23006 The SonicWall Product Security Incident Response Team (PSIRT) has been notifi…

  6. CVE-2025-23006 : Pre-authentication Deserialization Vulnerability in...

    Potential Impact of CVE-2025-23006. Unauthorized Access: Exploitation of this vulnerability could result in unauthorized users gaining control over the SMA1000 appliance, leading to compromised security and potential exposure of sensitive data. Affected Version(s). SMA1000 Linux 1…