【Vulnerability Alert】SonicWall SMA1000 Security Vulnerability (CVE-2025-23006) – Immediate Patching Recommended
publish date :
2025-02-05
update date :
2025-02-05
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025020408021919 | Publication Time | 2025/02/04 08:44 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/02/03 17:50 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】SonicWall SMA1000 Security Vulnerability (CVE-2025-23006) – Immediate Patching Recommended |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202502-00000018 Researchers have discovered a deserialization vulnerability (CVE-2025-23006) in SonicWall SMA1000 series devices. This vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands. This vulnerability has already been exploited by hackers. Immediate verification and patching are strongly recommended. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] SonicWall SMA1000 series devices running version 12.4.3-02804 and earlier |
|||
| [Recommended Actions] The official security update has been released to address this vulnerability. Please refer to the official announcement at the following link: https://www.sonicwall.com/support/knowledge-base/product-notice-urgent-security-notification-sma-1000/250120090802840 |
|||
| [Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-23006 2. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 3. https://www.sonicwall.com/support/knowledge-base/product-notice-urgent-security-notification-sma-1000/250120090802840 |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center
