SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)


A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers.

“We strongly advise users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability,” the company said on Wednesday.

About CVE-2025-23006

SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applications from anywhere. The SMA 1000 series of appliances is aimed at large distributed enterprises of up to thousands of employees.

CVE-2025-23006 is a deserialization of untrusted data vulnerability in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), and can be exploited by remote, unauthenticated attackers to execute arbitrary OS commands, if specific (currently unspecified) conditions are present.

Microsoft Threat Intelligence Center (MSTIC) has been credited with reporting the flaw and notifying the SonicWall Product Security Incident Response Team (PSIRT) “of possible active exploitation”, but additional details about the vulnerability and the attacks have yet to be shared.

CVE-2025-23006 affects version 12.4.3-02804 (platform-hotfix) and earlier versions of SMA 1000 appliances, and has been fixed in version 12.4.3-02854 (platform-hotfix) and higher versions.

“To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC),” the company advised, and confirmed that SonicWall Firewall and SMA 100 series products are not affected by this vulnerability.
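
For triaging an appliance inventory against the version boundaries given above, here is an added example (not SonicWall's code or tooling). The hostnames and the inventory format are assumptions, and builds that fall between the last affected and first fixed versions are reported as unknown because the advisory text does not cover them.

```python
import re

# Version boundaries as stated in the article: <= 02804 affected, >= 02854 fixed.
LAST_AFFECTED = (12, 4, 3, 2804)
FIRST_FIXED = (12, 4, 3, 2854)
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)(?:\s*\(platform-hotfix\))?\s*$")


def parse_version(text):
    """Turn '12.4.3-02804 (platform-hotfix)' into (12, 4, 3, 2804)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised SMA 1000 version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Return 'affected', 'fixed', 'unknown' or 'unparsed' for one version string."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparsed"
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unknown"  # between the two boundaries: not covered by the advisory text


def triage(inventory):
    """Map hostname -> status, ordered so hosts needing action come first."""
    order = {"affected": 0, "unparsed": 1, "unknown": 2, "fixed": 3}
    results = {host: classify(ver) for host, ver in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0])))


# Constructed sample inventory: hostnames and the non-boundary versions are made up.
SAMPLE = {
    "sma-dc1": "12.4.3-02804 (platform-hotfix)",
    "sma-dc2": "12.4.3-02854 (platform-hotfix)",
    "sma-lab": "12.4.2-05082",
    "sma-dr": "12.4.3-02830",
    "sma-old": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {SAMPLE[host]:32} {status}")
```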



