
CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

SonicWall has published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances, CVE-2025-23006.

On 22 January 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialisation of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands. Arctic Wolf has not observed any publicly available proof of concept (PoC) exploits for this vulnerability.

Recommendation

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.

| Product | Affected Version | Fixed Version |
|---|---|---|
| SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) | Version 12.4.3-02804 and earlier | Version 12.4.3-02854 |

Impacted Models: SMA6200, SMA6210, SMA7200, SMA7210, SMA8200v (ESX, KVM, Hyper-V, AWS, Azure), EX6000, EX7000, EX9000

Note: SonicWall Firewall and SMA 100 (SMA200, 210, 400, 410, and 500v) products are not affected by this vulnerability.

Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.

Workaround

  • Restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC).
  • Dual-homed appliances: Limit access to administrative consoles (default TCP port 8443) to trusted internal networks accessible via an internal interface only (will not impact user VPN traffic).
  • Single-homed appliances: Use a firewall to limit access to administrative consoles (default TCP port 8443) to trusted internal networks (will not impact user VPN traffic).
  • For additional information, refer to the section – Best Practices for Securing the Appliance.
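The following triage script is an added example, not part of the SonicWall advisory or any Arctic Wolf tooling. It checks an appliance inventory against the version table and the workaround above: which devices still run an affected build, and which allow management-console (TCP 8443) access from sources outside the trusted networks. The inventory layout, field names, device names and addresses are constructed assumptions.

```python
import ipaddress
import re

# Versions and models as listed in the bulletin.
LAST_AFFECTED = "12.4.3-02804"
FIRST_FIXED = "12.4.3-02854"
IMPACTED_MODELS = {"SMA6200", "SMA6210", "SMA7200", "SMA7210", "SMA8200v",
                   "EX6000", "EX7000", "EX9000"}

def parse_version(text):
    """Turn '12.4.3-02804' into a comparable tuple (12, 4, 3, 2804)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def patch_status(model, version):
    """Classify one appliance against the bulletin's version table."""
    if model not in IMPACTED_MODELS:
        return "not-listed"
    v = parse_version(version)
    if v <= parse_version(LAST_AFFECTED):
        return "affected"
    if v >= parse_version(FIRST_FIXED):
        return "fixed"
    return "check-advisory"  # build between the two versions the bulletin names

def untrusted_sources(allowed, trusted):
    """Return allowed management sources not contained in any trusted network."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    exposed = []
    for src in allowed:
        net = ipaddress.ip_network(src)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted_nets):
            exposed.append(src)
    return exposed

def triage(inventory, trusted):
    """Return (name, patch status, untrusted 8443 sources) per appliance."""
    return [(d["name"], patch_status(d["model"], d["version"]),
             untrusted_sources(d["mgmt_sources"], trusted)) for d in inventory]

# Constructed sample data (hypothetical devices, field names and networks).
TRUSTED = ["10.20.0.0/16"]
INVENTORY = [
    {"name": "vpn-a", "model": "SMA7210", "version": "12.4.3-02804", "mgmt_sources": ["0.0.0.0/0"]},
    {"name": "vpn-b", "model": "SMA6210", "version": "12.4.3-02854", "mgmt_sources": ["10.20.5.0/24"]},
    {"name": "vpn-c", "model": "SMA8200v", "version": "12.4.2-05000", "mgmt_sources": ["10.20.0.0/16", "192.0.2.0/24"]},
]

if __name__ == "__main__":
    for name, status, exposed in triage(INVENTORY, TRUSTED):
        print(f"{name}: {status}; untrusted sources for TCP 8443: {exposed or 'none'}")
```

Devices reported as `affected` need the upgrade; any device with a non-empty untrusted-source list needs its console access rules tightened regardless of patch status.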
