SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has likely been exploited in the wild as a zero-day.
The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.
“Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands,” the company said in an advisory.
It is worth noting that CVE-2025-23006 does not affect its Firewall and SMA 100 series products. The flaw has been addressed in version 12.4.3-02854 (platform-hotfix).
SonicWall also said that it has been notified of “possible active exploitation” by unspecified threat actors, necessitating that customers apply the fixes as soon as possible to prevent potential attack attempts.
The company credited the Microsoft Threat Intelligence Center (MSTIC) with discovering and reporting the security shortcoming.
“To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC),” the company recommended.