Vulnerability Details CVE-2025-23006
A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.582
EPSS Ranking 98.1%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.
Ransomware Campaign
Known
Products affected by CVE-2025-23006
- cpe:2.3:a:sonicwall:sma8200v:-
- cpe:2.3:a:sonicwall:sma8200v:12.4.3-02804
- cpe:2.3:h:sonicwall:sma6200:-
- cpe:2.3:h:sonicwall:sma6210:-
- cpe:2.3:h:sonicwall:sma7200:-
- cpe:2.3:h:sonicwall:sma7210:-
- cpe:2.3:h:sonicwall:sra_ex6000:-
- cpe:2.3:h:sonicwall:sra_ex7000:-
- cpe:2.3:h:sonicwall:sra_ex9000:-
- cpe:2.3:o:sonicwall:sma6200_firmware:-
- cpe:2.3:o:sonicwall:sma6200_firmware:12.4.3-02804
- cpe:2.3:o:sonicwall:sma6210_firmware:-
- cpe:2.3:o:sonicwall:sma6210_firmware:12.4.3-02804
- cpe:2.3:o:sonicwall:sma7200_firmware:-
- cpe:2.3:o:sonicwall:sma7200_firmware:12.4.3-02804
- cpe:2.3:o:sonicwall:sma7210_firmware:-
- cpe:2.3:o:sonicwall:sma7210_firmware:12.4.3-02804
- cpe:2.3:o:sonicwall:sra_ex6000_firmware:-
- cpe:2.3:o:sonicwall:sra_ex6000_firmware:12.4.3-02804
- cpe:2.3:o:sonicwall:sra_ex7000_firmware:-
- cpe:2.3:o:sonicwall:sra_ex7000_firmware:12.4.3-02804
- cpe:2.3:o:sonicwall:sra_ex9000_firmware:-
- cpe:2.3:o:sonicwall:sra_ex9000_firmware:12.4.3-02804