⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2025-02-14.

CVE-2025-23006: Deserialization of Untrusted Data in SMA1000

Severity: 9.8 CRITICAL (NVD)
EPSS: 58.5% (top 1.79%)
CISA KEV: KEV, Ransomware
  Added: 2025-01-24
  Due: 2025-02-14
Exploit: No known exploits
Timeline
  Published: Jan 23
  KEV added: Jan 24
  KEV due: Feb 14
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (9 packages)

Source    | Package                    | Affected versions
CVEListV5 | sonicwall/sma1000          | 12.4.3-02804 (platform-hotfix) and earlier versions
NVD       | sonicwall/sma8200v         | < 12.4.3-02854
NVD       | sonicwall/sma6200_firmware | < 12.4.3-02854
NVD       | sonicwall/sma6210_firmware | < 12.4.3-02854
NVD       | sonicwall/sma7200_firmware | < 12.4.3-02854

🔴 Vulnerability Details (3)

CVEList: CVE-2025-23006: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central M… (2025-01-23)
GHSA: GHSA-57r3-2prp-v2xh: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central M… (2025-01-23)
VulnCheck: SonicWall SMA1000 Appliances Deserialization Vulnerability (2025)

📋 Vendor Advisories (2)

CISA: SonicWall SMA1000 Appliances Deserialization Vulnerability (2025-01-24)
Microsoft: In the Linux kernel before 5.15.13 drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case whereas it is… (2023-03-14)

🕵️ Threat Intelligence (1)

Bleepingcomputer: SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (2025-01-23)
CVE-2025-23006 — Deserialization of Untrusted Data | cvebase