SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day.
The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.
“Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands,” the company said in an advisory.
It’s worth noting that CVE-2025-23006 does not affect its Firewall and SMA 100 series products. The flaw has been addressed in version 12.4.3-02854 (platform-hotfix).
SonicWall also said that it has been notified of “possible active exploitation” by unspecified threat actors, necessitating that customers apply the fixes as soon as possible to prevent potential attack attempts.
The company credited the Microsoft Threat Intelligence Center (MSTIC) with discovering and reporting the security shortcoming.
“To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC),” the company recommended.
