SonicWall has issued a warning about a critical vulnerability in its Secure Mobile Access (SMA) 1000 products that may already have been exploited. The vulnerability, identified as CVE-2025-23006, could allow a remote attacker to execute arbitrary OS commands without authentication under specific conditions. SonicWall has released hotfix version 12.4.3-02854 to address the issue; earlier versions are vulnerable. The flaw affects the Appliance Management Console (AMC) and Central Management Console (CMC), which are crucial for administrative functions. Users are urged to restrict access to these consoles, in line with best practices, to mitigate potential threats.
SonicWall disclosed a critical vulnerability in the SMA 1000 products with a severity rating of 9.8, warning that attackers could execute arbitrary OS commands.
The vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands under certain unspecified conditions, which makes applying the patch urgent.
A recent hotfix, version 12.4.3-02854, has been released to address the critical bug, while prior versions remain vulnerable and subject to attack.
To mitigate risk from CVE-2025-23006, users are advised to limit AMC and CMC access to trusted sources, adhering to best practices.