- Microsoft found a zero-day in a SonicWall remote access device
- It was reportedly already being exploited in the wild
- Hackers were using it for remote code execution
Hackers are abusing a zero-day in a SonicWall product to break into corporate networks and deploy malware, experts have warned.
In a security advisory, SonicWall urged its users to apply the patch, or the workaround, as soon as possible.
The vulnerability is tracked as CVE-2025-23006. The National Vulnerability Database (NVD) gave it a severity score of 9.6/10 (critical). It was discovered by Microsoft in the SMA 1000 Appliance Management Console (AMC) and Central Management Console (CMC), tools designed to administer and control SonicWall network security devices, particularly in environments where secure remote access and centralized management are priorities.
Thousands of vulnerable appliances
The flaw is described as a "pre-authentication deserialization of untrusted data" vulnerability which, under specific conditions, can allow an unauthenticated remote attacker to execute arbitrary operating system commands.
"SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors," the advisory says. "We strongly advise users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability."
Neither SonicWall nor Microsoft says who the attackers are, who the victims were, or how many there were.
Citing results from the Shodan search engine, BleepingComputer said there are "several" SMA 1000 appliances exposed on the internet, hinting at a potentially wide attack surface for threat actors. In recent times, threat actors have focused more and more on edge devices, since these are not as diligently monitored and allow them to enter the target infrastructure and move laterally while remaining largely hidden.
SonicWall added that its Firewall and SMA 100 series products are not affected by the vulnerability.
In the advisory, the company also said that, to minimize the potential impact of the flaw, users should restrict access to the Appliance Management Console (AMC) and the Central Management Console (CMC) to trusted sources.
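The vulnerability class named above (deserialization of untrusted data before authentication) and the mitigation in the advisory (restrict console access to trusted sources) can be illustrated in generic Python. This is an added example, not SonicWall's or Microsoft's code, and every network range, token, action name and handler in it is constructed for illustration; the point it makes is about ordering: the vulnerable handler parses attacker-controlled bytes before it checks who sent them, while the hardened handler checks the source network and credentials first and then parses only a data-only format against an allowlist.

```python
import hmac
import ipaddress
import json
import pickle  # imported only to show the unsafe pattern below

# Constructed values; a real deployment would take these from configuration.
TRUSTED_MGMT_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.50.0/24"),
]
ADMIN_TOKEN = "constructed-admin-token"

# Only these management actions are accepted from the network (constructed).
ACTIONS = {
    "get_status": lambda: "ok",
    "list_users": lambda: ["admin"],
}


class Request:
    """Minimal stand-in for an HTTP request to a management console."""

    def __init__(self, src_ip, token, body):
        self.src_ip = src_ip
        self.token = token
        self.body = body  # bytes from the network: untrusted


def authenticated(token):
    # Constant-time compare so the token check does not leak timing.
    return hmac.compare_digest(token or "", ADMIN_TOKEN)


def source_trusted(src_ip):
    # Management interface reachable only from the trusted networks above.
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_MGMT_NETS)


# Records every body the vulnerable handler deserializes, so the ordering
# defect can be observed with a harmless payload.
DESERIALIZED_BEFORE_AUTH = []


def benign_pickle_body():
    # A harmless pickled dict, used only to exercise the vulnerable path.
    return pickle.dumps({"action": "get_status"})


def vulnerable_handler(req):
    """Vulnerable pattern: untrusted bytes are deserialized BEFORE auth.

    pickle.loads reconstructs objects as directed by the sender, so an
    unauthenticated remote client already influences execution on this line;
    the token check that follows comes too late to matter.
    """
    data = pickle.loads(req.body)
    DESERIALIZED_BEFORE_AUTH.append(req.src_ip)
    if not authenticated(req.token):
        return {"status": 401}
    return {"status": 200, "result": ACTIONS[data["action"]]()}


def hardened_handler(req):
    """Hardened pattern: trust-boundary checks first, data-only parsing last."""
    # 1. Source restriction, as the advisory's workaround recommends.
    if not source_trusted(req.src_ip):
        return {"status": 403}
    # 2. Authenticate before touching the request body at all.
    if not authenticated(req.token):
        return {"status": 401}
    # 3. Parse a data-only format; JSON cannot carry executable objects.
    try:
        data = json.loads(req.body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return {"status": 400}
    # 4. Strict allowlist of both shape and values.
    if not isinstance(data, dict) or set(data) != {"action"}:
        return {"status": 400}
    action = data["action"]
    if action not in ACTIONS:
        return {"status": 400}
    return {"status": 200, "result": ACTIONS[action]()}
```

Running `vulnerable_handler` with a wrong token still returns 401, but `DESERIALIZED_BEFORE_AUTH` shows the body was parsed anyway; that is the whole defect. The hardened handler never reaches the parser for an untrusted source or a bad token, and a pickled body sent to it is rejected as invalid UTF-8/JSON rather than interpreted.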
Via TechCrunch