Critical Vulnerability Found in SMA1000 Appliances
🛠️ Critical Remote Command Execution Vulnerability Discovered in SMA1000 Appliances. A severe pre-authentication deserialization vulnerability (CVE-2025-23006) has been identified in the SMA1000 Appliance Management Console and Central Management Console. It could allow a remote unauthenticated attacker to execute arbitrary OS commands. The flaw is rated 9.8 on the CVSS scale and poses significant risks, with reports of possible active exploitation. SonicWall advises users to upgrade to the latest hotfix version (12.4.3-02854 or higher) to mitigate the threat. Additionally, users are urged to restrict access to the management consoles to trusted sources as a precautionary measure. Notably, SonicWall Firewall and SMA 100 series products are not affected by this vulnerability.
