CVE-2025-23008
Published 2025-04-10
Priority P432 · high · 7.2 (CVSS 3.1)
Vector: AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.30% (21.6th percentile)
An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | netextender | — | — |
| sonicwall | netextender | — | — |
SonicWall
vendor_sonicwall · 2025-04-10 · CVSS 7.2
CVE-2025-23008 [HIGH] CWE-250
GHSA
GHSA-9f82-pr9c-9f3x
ghsa_unreviewed · 2025-04-10
CVE-2025-23008 [HIGH] CWE-250
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-53045 [MEDIUM] mysql: InnoDB unspecified vulnerability (CPU Oct 2025)
bugzilla · 2025-10-21 · CVSS 4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:23008 https://access.redhat.com/errata/RHSA-2025:23
Bugzilla
CVE-2025-53040 [MEDIUM] mysql: Optimizer unspecified vulnerability (CPU Oct 2025)
bugzilla · 2025-10-21 · CVSS 4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:23008 https://access.redhat.com/errat
Bugzilla
CVE-2025-53062 [MEDIUM] mysql: InnoDB unspecified vulnerability (CPU Oct 2025)
bugzilla · 2025-10-21 · CVSS 4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:23008 https://access.redhat.com/errata/RHSA-2025:23
Bugzilla
CVE-2025-53069 [MEDIUM] mysql: Components Services unspecified vulnerability (CPU Oct 2025)
bugzilla · 2025-10-21 · CVSS 4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:23008 https://acc
Bugzilla
CVE-2025-53042 [MEDIUM] mysql: Optimizer unspecified vulnerability (CPU Oct 2025)
bugzilla · 2025-10-21 · CVSS 4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:23008 https://access.redhat.com/errat
Bugzilla
CVE-2025-53044 [MEDIUM] mysql: InnoDB unspecified vulnerability (CPU Oct 2025)
bugzilla · 2025-10-21 · CVSS 4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:23008 https://access.redhat.com/errata/RHSA-2025:23