PT-2025-1256 · Sonicwall · Sonicwall Sma1000
Published: 2025-01-22 · Updated: 2026-01-01 · CVE-2025-23006
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SonicWall SMA 1000 Series versions prior to 12.4.3-02854
Description
A critical pre-authentication deserialization of untrusted data vulnerability exists in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary OS commands. Active exploitation of this vulnerability, tracked as CVE-2025-23006, has been reported. Approximately 958,000 services are potentially affected. The vulnerability allows attackers with access to the internal interface to conduct remote code execution.
Recommendations
Upgrade to SonicWall SMA version 12.4.3-02854 or later.
Restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC).
Configure the appliance to use dual interfaces.
Configure the appliance to use dual network gateways.
Ensure that the appliance is not exposed to the internet.
Give the appliance access to only the necessary resources on the customer network.
Enable strict IP address restrictions for the SSH service.
Enable strict IP address restrictions for the SNMP service.
Use a secure passphrase for the SNMP community string.
Disable or suppress ICMP traffic.
Use an NTP server.
Protect the server certificate that the appliance is configured to use.
Fix
RCE
Deserialization of Untrusted Data
Affected Products
Sonicwall Sma1000