SonicWall is warning customers about a critical security flaw affecting its 1000 Series Secure Mobile Access (SMA) appliances, which it says have likely been used in the wild as a zero-day.
Vulnerability, tracked as CVE-2025-23006rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.
“A pre-authentication untrusted data deserialization vulnerability has been discovered in the SMA1000 Device Management Console (AMC) and Central Management Console (CMC), which under certain conditions could potentially allow a remote, unauthenticated attacker to execute arbitrary OS commands,” the company said in a statement. said in the consulting room.
It should be noted that CVE-2025-23006 does not affect the firewall and SMA 100 series products. The vulnerability was addressed in version 12.4.3-02854 (platform patch).
SonicWall also said it was notified of “potential active exploitation” by unspecified threat actors, requiring customers to apply patches as soon as possible to prevent potential attack attempts.
The company acknowledged the detection and reporting of the security flaw to the Microsoft Threat Intelligence Center (MSTIC).
“To minimize the potential impact of the vulnerability, ensure that you restrict access to trusted sources for the Device Management Console (AMC) and Central Management Console (CMC),” the company advised.
