CVE-2025-23006β€”SonicWall SMA1000 Appliances Deserialization Vulnerability

PUBLISHEDvulnerability record
2025-01-24 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2025-23006
Project:
SonicWall
Product:
SMA1000 Appliances
Date Added:
2025-01-24
Due Date:
2025-02-14
Last Updated:
June 21, 2025

Vulnerability Name

SonicWall SMA1000 Appliances Deserialization Vulnerability

Description

SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related News Articles

Related Weaknesses