CVE-2025-23006

CISA Known Exploited Vulnerability (KEV)

SonicWall SMA1000 Appliances Deserialization Vulnerability

January 24, 2025

February 14, 2025

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

Weakness Enumeration

CWE-ID CWE Name

CWE-502 Deserialization of Untrusted Data

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score:
9.8
Severity:
CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined