SonicWall SMA zero-day exploited in attacks

A zero-day vulnerability has been discovered in SonicWall Secure Mobile Access (SMA) 1000 Series appliances and is currently being exploited by attackers. The vulnerability affects the Appliance Management Console (AMC) and Central Management Console (CMC) of the SMA 1000 series, potentially allowing remote, unauthenticated attackers to execute arbitrary OS commands on affected devices.

SonicWall SMA appliances are widely used by enterprises to provide secure access to applications and resources for remote employees. The vulnerable SMA 1000 series is specifically designed for large distributed organizations with thousands of employees. The flaw (CVE-2025-23006), described as a deserialization of untrusted data issue, could allow an attacker to trigger the execution of arbitrary OS commands if certain conditions are met.

The vulnerability is present in version 12.4.3-02804 (platform-hotfix) and earlier versions of the SMA 1000 appliances. SonicWall has released a patch in version 12.4.3-02854 (platform-hotfix) and higher versions to address the issue and mitigate potential attacks. The specifics of how the vulnerability is being actively exploited remain scarce.

Organizations using affected versions of SonicWall SMA 1000 appliances are strongly urged to update their systems to the patched versions to avoid potential compromise.

Separately from the SonicWall SMA 1000 Series vulnerability, Cisco has disclosed several vulnerabilities: a privilege escalation vulnerability (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) in Cisco Meeting Management. The latter flaw, when exploited, could terminate the ClamAV scanning process on endpoints running the Cisco Secure Endpoint Connector. Cisco has confirmed that proof-of-concept (PoC) exploit code for CVE-2025-20128 is already available, but there is currently no evidence that it is being actively exploited.