Summary: SonicWall has released patches for three vulnerabilities in its NetExtender Windows VPN client, including a high-severity flaw that could be exploited by authenticated attackers. The update addresses improper privilege management and two medium-severity vulnerabilities involving file manipulation. Users are strongly urged to upgrade to the patched version 10.3.2 to mitigate these risks.
Affected: SonicWall NetExtender for Windows
Key points:
- High-severity flaw tracked as CVE-2025-23008 with a CVSS score of 7.2 allows modification of application configuration by authenticated attackers.
- Additional medium-severity vulnerabilities (CVE-2025-23010 and CVE-2025-23009) could enable file path manipulation and arbitrary file deletion.
- The Linux version of the NetExtender client is not affected, and there is currently no evidence of these vulnerabilities being exploited in the wild.
Source: https://www.securityweek.com/sonicwall-patches-high-severity-vulnerability-in-netextender/