Security Intelligence
Loading table of contents...
Loading table of contents...
SonicWall has addressed a critical vulnerability impacting its Secure Mobile Access (SMA) 1000 series access gateway which may have been exploited as a zero-day by threat actors.
The vulnerability, designated CVE-2025-23006, is a remote code execution flaw in the Appliance Management Console (AMC) and Central Management Console (CMC) administration tools used by SMA 1000 gateways. If exploited successfully, it could allow an unauthenticated threat actor to execute arbitrary OS commands on the vulnerable device under certain conditions.
Stay on top of emerging threats.
Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities.
CVE-2025-23006 affects version all versions SMA 1000 firmware up to 12.4.3-02804, while SonicWall Firewall and SMA 100 series products are not impacted. SonicWall is advising impacted users to install the relevant updates as soon as possible.
Source: SecurityWeek
Analysis
Vulnerabilities in widely used security devices, such as SonicWall firewalls and gateways, could allow threat actors to bypass defenses and gain unauthorized access to internal networks and thus represent a significant threat to the cybersecurity posture of organizations that have them deployed.
SonicWall devices, specifically SMA gateways, have been targeted multiple times over the past few years. For example, in 2021, SonicWall disclosed that a zero-day vulnerability in its SMA 100 series gateways led to the breach of sensitive internal systems that was attributed to Chinese threat actors. Should impacted users not patch CVE-2025-23006 in due time, it could be exploited in a similar manner.
Mitigation
Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in gateways like SonicWall. Field Effect MDR users are automatically notified if vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends users of the affected SonicWall firewall versions to update to the latest version as soon as possible, in accordance with the advisory.
