Summary: SonicWall has confirmed in-the-wild exploitation of a recently discovered critical vulnerability (CVE-2025-23006) affecting its Secure Mobile Access (SMA) 1000 series products, allowing remote command execution without authentication. Customers are urged to apply the firmware patch (version 12.4.3-02854) and restrict administrative access to protect against potential attacks. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog with a compliance deadline for federal agencies.
Affected: SonicWall Secure Mobile Access (SMA) 1000 series products
Keypoints :
- Critical untrusted data deserialization issue leading to remote command execution.
- Firmware version 12.4.3-02854 has been released to patch the vulnerability.
- Approximately 2,000 SMA appliances are exposed to the internet, increasing the risk of exploitation.
- CISA has mandated that federal agencies must address this flaw by February 14.
- Organizations are urged to restrict administrative access to mitigate risks.
Source: https://www.securityweek.com/sonicwall-confirms-exploitation-of-new-sma-zero-day/