SonicWall has issued an urgent advisory concerning a critical security flaw in its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability, identified as CVE-2025-23006, carries a severity rating of 9.8 out of 10 on the CVSS scale, indicating its high potential impact.

Nature of the Vulnerability

The flaw stems from a pre-authentication deserialisation of untrusted data within the Appliance Management Console (AMC) and Central Management Console (CMC). This weakness could allow a remote, unauthenticated attacker to execute arbitrary operating system commands on the affected devices.

Scope of Impact

It’s important to note that this vulnerability is specific to the SMA 1000 Series appliances and does not affect SonicWall’s Firewall or SMA 100 series products.

Active Exploitation and Urgent Recommendations

SonicWall has been informed of potential active exploitation of this vulnerability by unidentified threat actors. In response, the company has released a patch in version 12.4.3-02854 (platform-hotfix) and strongly advises all users to apply this update immediately to mitigate potential risks.

Additionally, SonicWall recommends restricting access to the AMC and CMC interfaces to trusted sources only, further reducing the attack surface.

Acknowledgment

The discovery and reporting of this critical vulnerability are credited to the Microsoft Threat Intelligence Center (MSTIC).

Conclusion

Given the severity of CVE-2025-23006 and the possibility of its active exploitation, it is imperative for organisations utilising SonicWall SMA 1000 Series appliances to promptly apply the recommended patch and implement the advised security measures. Timely action is crucial to safeguard systems against potential attacks.