cvelistv5 - cve-2025-23006

CVE-2025-23006 (GCVE-0-2025-23006)

Vulnerability from cvelistv5

Published

2025-01-23 11:37

Modified

2025-10-21 22:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-502 - Deserialization of Untrusted Data

Summary

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

References

URL

	Vendor	Product	Version
	SonicWall	SMA1000	Version: 12.4.3-02804 (platform-hotfix) and earlier versions.

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-01-24

Due date: 2025-02-14

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Known

Notes: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 ; https://nvd.nist.gov/vuln/detail/CVE-2025-23006

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-23006",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T04:55:44.976003Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-01-24",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:31.291Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-01-24T00:00:00+00:00",
            "value": "CVE-2025-23006 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux"
          ],
          "product": "SMA1000",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "12.4.3-02804 (platform-hotfix) and earlier versions."
            }
          ]
        }
      ],
      "datePublic": "2025-01-22T16:22:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.\u003c/span\u003e"
            }
          ],
          "value": "Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-23T11:37:41.148Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0002",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2025-23006",
    "datePublished": "2025-01-23T11:37:41.148Z",
    "dateReserved": "2025-01-09T09:08:55.359Z",
    "dateUpdated": "2025-10-21T22:55:31.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-23006",
      "cwes": "[\"CWE-502\"]",
      "dateAdded": "2025-01-24",
      "dueDate": "2025-02-14",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 ; https://nvd.nist.gov/vuln/detail/CVE-2025-23006",
      "product": "SMA1000 Appliances",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.",
      "vendorProject": "SonicWall",
      "vulnerabilityName": "SonicWall SMA1000 Appliances Deserialization Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-23006\",\"sourceIdentifier\":\"PSIRT@sonicwall.com\",\"published\":\"2025-01-23T12:15:28.523\",\"lastModified\":\"2025-10-31T15:56:18.303\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad de deserializaci\u00f3n de datos no confiables antes de la autenticaci\u00f3n en SMA1000 Appliance Management Console (AMC) y Central Management Console (CMC), que en condiciones espec\u00edficas podr\u00eda permitir que un atacante remoto no autenticado ejecute comandos arbitrarios del sistema operativo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-01-24\",\"cisaActionDue\":\"2025-02-14\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"SonicWall SMA1000 Appliances Deserialization Vulnerability\",\"weaknesses\":[{\"source\":\"PSIRT@sonicwall.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.4.3-02854\",\"matchCriteriaId\":\"5F558E7D-E784-406B-B290-3A969DE5DB93\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.4.3-02854\",\"matchCriteriaId\":\"7B32A454-15AF-4D1F-9B2E-47FA49C54944\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma6200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57B3C90F-F633-41B9-855E-902F6DC8ACA5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.4.3-02854\",\"matchCriteriaId\":\"03BAE67D-9500-48C3-9A57-4ACDC78ED2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma6210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B24D300-1154-49A1-A1F3-FB0CC717166A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.4.3-02854\",\"matchCriteriaId\":\"5EB0E0F9-14CC-4B29-8026-6A4D3E73B46A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma7200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F7B4ED9-7A57-48DC-AAEC-A2C2EAFF3B64\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.4.3-02854\",\"matchCriteriaId\":\"6C94E32E-8FE8-43C4-B86B-CC7DBD0A9973\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma7210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9B414C5-C376-4216-A267-ABC0930905CE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sra_ex6000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.4.3-02804\",\"matchCriteriaId\":\"C1E84DDC-2CDB-447D-8403-C93FE16098C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sra_ex6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8115B7AF-C785-4F68-9728-A19536EB363F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sra_ex7000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.4.3-02804\",\"matchCriteriaId\":\"2F33335D-F5C2-4F1C-819D-452381DC5656\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sra_ex7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13952D02-29BB-465C-8A5C-6B25CB1BAECD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sra_ex9000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.4.3-02804\",\"matchCriteriaId\":\"5C85D8D6-5330-4B9D-A870-5A43E49CEDB2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sra_ex9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDFDE82F-600E-48C7-AB15-ADDDFFBFC114\"}]}]}],\"references\":[{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002\",\"source\":\"PSIRT@sonicwall.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-23006\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-12T04:55:44.976003Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-01-24\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-01-24T00:00:00+00:00\", \"value\": \"CVE-2025-23006 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-23T14:25:28.478Z\"}}], \"cna\": {\"source\": {\"advisory\": \"SNWLID-2025-0002\", \"discovery\": \"EXTERNAL\"}, \"affected\": [{\"vendor\": \"SonicWall\", \"product\": \"SMA1000\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.4.3-02804 (platform-hotfix) and earlier versions.\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2025-01-22T16:22:00.000Z\", \"references\": [{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"44b2ff79-1416-4492-88bb-ed0da00c7315\", \"shortName\": \"sonicwall\", \"dateUpdated\": \"2025-01-23T11:37:41.148Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-23006\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:55:31.291Z\", \"dateReserved\": \"2025-01-09T09:08:55.359Z\", \"assignerOrgId\": \"44b2ff79-1416-4492-88bb-ed0da00c7315\", \"datePublished\": \"2025-01-23T11:37:41.148Z\", \"assignerShortName\": \"sonicwall\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0066

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Sonicwall Secure Mobile Access. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur a connaissance d'une exploitation active de la vulnérabilité CVE-2025-23006.

Impacted products

	Vendor	Product	Description
	Sonicwall	Secure Mobile Access	SMA1000 Appliance Management Console (AMC) versions antérieures à 12.4.3-02854

References

Title

Publication Time

ncsc-2025-0029

Vulnerability from csaf_ncscnl

Published

2025-01-23 13:50

Modified

2025-01-23 13:50

Summary

Kwetsbaarheid verholpen in SonicWall SMA1000 Appliance

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

SonicWall heeft een kwetsbaarheid verholpen in de SMA1000 Appliance Management Console en Central Management Console.

Interpretaties

De kwetsbaarheid bevindt zich in de SMA1000 Appliance Management Console en Central Management Console, waardoor externe, niet-geauthenticeerde aanvallers willekeurige OS-commando's kunnen uitvoeren. Dit probleem vereist een hotfix voor getroffen gebruikers. Het is belangrijk op te merken dat SonicWall Firewalls en SMA 100-serie producten niet door deze kwetsbaarheid zijn getroffen. Voor succesvol misbruik moet de kwaadwillende toegang hebben tot de management console. Het is goed gebruik een dergelijke managementinterface niet publiek toegankelijk te hebben, maar af te steunen in een separate beheeromgeving. SonicWall meldt informatie te hebben dat de kwetsbaarheid beperkt is misbruikt.

Oplossingen

SonicWall heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-502

Deserialization of Untrusted Data

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "SonicWall heeft een kwetsbaarheid verholpen in de SMA1000 Appliance Management Console en Central Management Console.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid bevindt zich in de SMA1000 Appliance Management Console en Central Management Console, waardoor externe, niet-geauthenticeerde aanvallers willekeurige OS-commando\u0027s kunnen uitvoeren. Dit probleem vereist een hotfix voor getroffen gebruikers. Het is belangrijk op te merken dat SonicWall Firewalls en SMA 100-serie producten niet door deze kwetsbaarheid zijn getroffen.\n\nVoor succesvol misbruik moet de kwaadwillende toegang hebben tot de management console. Het is goed gebruik een dergelijke managementinterface niet publiek toegankelijk te hebben, maar af te steunen in een separate beheeromgeving.\n\nSonicWall meldt informatie te hebben dat de kwetsbaarheid beperkt is misbruikt.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "SonicWall heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Source - sonicwall",
        "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002"
      }
    ],
    "title": "Kwetsbaarheid verholpen in SonicWall SMA1000 Appliance",
    "tracking": {
      "current_release_date": "2025-01-23T13:50:32.719670Z",
      "id": "NCSC-2025-0029",
      "initial_release_date": "2025-01-23T13:50:32.719670Z",
      "revision_history": [
        {
          "date": "2025-01-23T13:50:32.719670Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "sma1000",
            "product": {
              "name": "sma1000",
              "product_id": "CSAFPID-1751735",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sma1000:*:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "sonicwall"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-23006",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751735"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-23006",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23006.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-1751735"
          ]
        }
      ],
      "title": "CVE-2025-23006"
    }
  ]
}

fkie_cve-2025-23006

Vulnerability from fkie_nvd

Published

2025-01-23 12:15

Modified

2025-10-31 15:56

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	PSIRT@sonicwall.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002	Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006	US Government Resource

Impacted products

Vendor	Product	Version
sonicwall	sma8200v	*
sonicwall	sma6200_firmware	*
sonicwall	sma6200	-
sonicwall	sma6210_firmware	*
sonicwall	sma6210	-
sonicwall	sma7200_firmware	*
sonicwall	sma7200	-
sonicwall	sma7210_firmware	*
sonicwall	sma7210	-
sonicwall	sra_ex6000_firmware	*
sonicwall	sra_ex6000	-
sonicwall	sra_ex7000_firmware	*
sonicwall	sra_ex7000	-
sonicwall	sra_ex9000_firmware	*
sonicwall	sra_ex9000	-

JSON

To clipboard

{
  "cisaActionDue": "2025-02-14",
  "cisaExploitAdd": "2025-01-24",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "SonicWall SMA1000 Appliances Deserialization Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F558E7D-E784-406B-B290-3A969DE5DB93",
              "versionEndExcluding": "12.4.3-02854",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B32A454-15AF-4D1F-9B2E-47FA49C54944",
              "versionEndExcluding": "12.4.3-02854",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma6200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B3C90F-F633-41B9-855E-902F6DC8ACA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03BAE67D-9500-48C3-9A57-4ACDC78ED2AF",
              "versionEndExcluding": "12.4.3-02854",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma6210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B24D300-1154-49A1-A1F3-FB0CC717166A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB0E0F9-14CC-4B29-8026-6A4D3E73B46A",
              "versionEndExcluding": "12.4.3-02854",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma7200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F7B4ED9-7A57-48DC-AAEC-A2C2EAFF3B64",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C94E32E-8FE8-43C4-B86B-CC7DBD0A9973",
              "versionEndExcluding": "12.4.3-02854",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B414C5-C376-4216-A267-ABC0930905CE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sra_ex6000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E84DDC-2CDB-447D-8403-C93FE16098C5",
              "versionEndIncluding": "12.4.3-02804",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sra_ex6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8115B7AF-C785-4F68-9728-A19536EB363F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sra_ex7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F33335D-F5C2-4F1C-819D-452381DC5656",
              "versionEndIncluding": "12.4.3-02804",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sra_ex7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13952D02-29BB-465C-8A5C-6B25CB1BAECD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sra_ex9000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C85D8D6-5330-4B9D-A870-5A43E49CEDB2",
              "versionEndIncluding": "12.4.3-02804",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sra_ex9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDFDE82F-600E-48C7-AB15-ADDDFFBFC114",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de deserializaci\u00f3n de datos no confiables antes de la autenticaci\u00f3n en SMA1000 Appliance Management Console (AMC) y Central Management Console (CMC), que en condiciones espec\u00edficas podr\u00eda permitir que un atacante remoto no autenticado ejecute comandos arbitrarios del sistema operativo."
    }
  ],
  "id": "CVE-2025-23006",
  "lastModified": "2025-10-31T15:56:18.303",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-23T12:15:28.523",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    }
  ]
}

ghsa-57r3-2prp-v2xh

Vulnerability from github

Published

2025-01-23 12:32

Modified

2025-10-22 00:33

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-23006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-23T12:15:28Z",
    "severity": "CRITICAL"
  },
  "details": "Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.",
  "id": "GHSA-57r3-2prp-v2xh",
  "modified": "2025-10-22T00:33:12Z",
  "published": "2025-01-23T12:32:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23006"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-23006 (GCVE-0-2025-23006)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2025-AVI-0066

Vulnerability from certfr_avis

Solutions

ncsc-2025-0029

Vulnerability from csaf_ncscnl

fkie_cve-2025-23006

Vulnerability from fkie_nvd

ghsa-57r3-2prp-v2xh

Vulnerability from github

Tags

Sightings

Nomenclature