CVE-2025-23006

SonicWall | SMA1000 AppliancesAdded 2025-01-24Remediation Deadline 2025-02-14Active Ransomware Campaign

SonicWall SMA1000 Appliances Deserialization Vulnerability

SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-502

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002
https://nvd.nist.gov/vuln/detail/CVE-2025-23006

Cybersecurity Alerts

CVE-2025-23006

SonicWall SMA1000 Appliances Deserialization Vulnerability

Required Action

Weakness Classification

References