CVE-2025-23009
published 2025-04-10CVE-2025-23009: A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file…
PriorityP433high7.2CVSS 3.1
AVPACLPRLUIRSCCHIHAH
EPSS
0.34%
26.3th percentile
A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | netextender | — | — |
| sonicwall | netextender | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
SonicWall
CVE-2025-23009: A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary fi
vendor_sonicwall·2025-04-10·CVSS 7.2
CVE-2025-23009 [HIGH] CWE-250 CVE-2025-23009: A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary fi
CVE-2025-23009: A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.
GHSA
GHSA-wvjf-p8qj-4524: A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary fi
ghsa_unreviewed·2025-04-10
CVE-2025-23009 [MEDIUM] CWE-250 GHSA-wvjf-p8qj-4524: A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary fi
A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-10
Published