Advisory

SonicWall reports actively exploited critical flaw in SMA appliances, urges immediate patch

Take action: This is an urgent patch. If you are using SonicWall Secure Mobile Access products, wake up your engineering team and get to patching and locking down the management interface immediately, because hackers are already at work and this product is exposed to the internet by design.



SonicWall is reporting a critical security vulnerability affecting its Secure Mobile Access (SMA) 1000 Series appliances that's likely being actively exploited as a zero-day in the wild.

The flaw is tracked as CVE-2025-23006 (CVSS score: 9.8) and involves a pre-authentication deserialization of untrusted data in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). Under specific conditions, this flaw allows remote unauthenticated attackers to execute arbitrary OS commands on affected systems.

Affected Products and Versions:

  • SMA 1000 Series appliances version 12.4.3-02804 (platform-hotfix) and earlier
  • The vulnerability does not impact SonicWall Firewall or SMA 100 series products

The vulnerability is extremely dangerous because the affected SonicWall products are used by large distributed enterprises with thousands of employees to provide remote application access.

SonicWall has released version 12.4.3-02854 (platform-hotfix) to address the vulnerability. Organizations are strongly advised to upgrade to this patched version immediately. As an additional security measure, access to the Appliance Management Console (AMC) and Central Management Console (CMC) should be restricted to trusted sources.
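To turn the version guidance above into a fleet check, the following added example (not SonicWall's code) classifies appliances from an inventory export against the affected and fixed builds named in this advisory. The inventory layout, hostnames, `series` labels and status names are assumptions, and releases newer than the fixed build are assumed to include the fix.

```python
import re

# Boundaries taken from the advisory text above.
LAST_AFFECTED = (12, 4, 3, 2804)  # 12.4.3-02804 (platform-hotfix) and earlier
FIRST_FIXED = (12, 4, 3, 2854)    # 12.4.3-02854 (platform-hotfix)

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)")

def parse_version(text):
    """Return (major, minor, patch, build); a '(platform-hotfix)' suffix is ignored."""
    match = VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(series, version_text):
    """Classify one appliance against the CVE-2025-23006 advisory."""
    if series != "SMA 1000":
        return "not-affected"      # firewalls and SMA 100 series are not impacted
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown-review"    # cannot decide automatically; check by hand
    if version >= FIRST_FIXED:
        return "patched"           # assumption: later releases carry the fix
    if version <= LAST_AFFECTED:
        return "vulnerable"
    return "unlisted-upgrade"      # build between the two listed ones; upgrade anyway

def triage(inventory):
    """Map hostname -> status for rows of (hostname, series, version)."""
    return {host: classify(series, version) for host, series, version in inventory}

# Constructed sample inventory; hostnames, series labels and versions are hypothetical.
SAMPLE_INVENTORY = [
    ("vpn-eu-1", "SMA 1000", "12.4.3-02804 (platform-hotfix)"),
    ("vpn-us-1", "SMA 1000", "12.4.3-02854 (platform-hotfix)"),
    ("vpn-ap-1", "SMA 1000", "12.4.2-02500"),
    ("vpn-lab", "SMA 1000", "12.4.3-02830"),
    ("vpn-old", "SMA 1000", "unknown"),
    ("branch-1", "SMA 100", "10.2.1.0-17sv"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Anything reported as `vulnerable`, `unlisted-upgrade` or `unknown-review` should go on the upgrade list, and AMC/CMC access on those hosts should be restricted to trusted sources in the meantime.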
