CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability identified in the SMA1000 Appliance Management Console and Central Management Console. Find Arctic Wolf’s recommendations.

On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands. Arctic Wolf has not observed any publicly available proof of concept (PoC) exploits for this vulnerability.

Recommendation

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.

Product	Affected Version	Fixed Version
SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC)	Version 12.4.3-02804 and earlier	Version 12.4.3-02854
Impacted Models: SMA6200, SMA6210, SMA7200, SMA7210, SMA8200v (ESX, KVM, Hyper-V, AWS, Azure), EX6000, EX7000, EX9000

Note: SonicWall Firewall and SMA 100 (SMA200, 210, 400, 410, and 500v) products are not affected by this vulnerability.

Please follow your organization’s patching and testing guidelines to minimize potential operational impact.

Workaround

Restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC).

Dual-homed appliances: Limit access to administrative consoles (default TCP port 8443) to trusted internal networks accessible via an internal interface only (will not impact user VPN traffic).

Single-homed appliances: Use a firewall to limit access to administrative consoles (default TCP port 8443) to trusted internal networks (will not impact user VPN traffic).

For additional information, refer to the SMA1000 Administration Guide, section – Best Practices for Securing the Appliance.

References

Stay up to date with the latest security incidents and trends from Arctic Wolf Labs.

Explore the latest global threats with the 2024 Arctic Wolf Labs Threats Report.

Resources

Understand the threat landscape, and how to better defend your organization, with the 2025 Arctic Wolf Threat Report

See how Arctic Wolf utilizes threat intelligence to harden your attack surface and stop threats earlier and faster

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

Security Bulletins

Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials

Pre-Authenticated RCE Chain Disclosed in Sitecore XP

Trend Micro Fixes Several Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer

Partners

Company

Careers

Press

CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

Recommendation

Upgrade to Latest Fixed Version

Workaround

Popular Topics

Share this post:

What to read next

3 min read

Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials

4 min read

Pre-Authenticated RCE Chain Disclosed in Sitecore XP

8 min read

Trend Micro Fixes Several Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer

2 min read

Arctic Wolf Observes Organizations Receiving Unsolicited Microsoft MFA Messages

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Privacy Notice

Terms of Use

Cookie Policy

Accessibility Statement

Information Security

Sustainability Statement

Cookies Settings

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347