
SonicWall has identified a critical security vulnerability (CVE-2025-23006) affecting its Secure Mobile Access (SMA) 1000 Series appliances. The flaw, which carries a severe CVSS score of 9.8/10, is reportedly being exploited as a zero-day vulnerability in the wild.
The security issue stems from a pre-authentication deserialization vulnerability in both the Appliance Management Console (AMC) and Central Management Console (CMC). This flaw potentially allows unauthorized remote attackers to execute arbitrary OS commands on affected systems.
Key Points:
– Only affects SMA 1000 Series; Firewall and SMA 100 series remain unaffected
– Patch available in version 12.4.3-02854 (platform-hotfix)
– Discovered and reported by Microsoft Threat Intelligence Center (MSTIC)
– Active exploitation observed by threat actors
SonicWall urges customers to immediately implement the security patch and restrict AMC and CMC access to trusted sources only to mitigate potential risks.