SonicWall Patches Multiple Vulnerabilities in NetExtender VPN Client

Summary: SonicWall has released a security advisory identifying three vulnerabilities in its NetExtender Windows client, affecting versions 10.3.1 and earlier. The vulnerabilities could allow low-privileged attackers to modify configurations, escalate privileges, or manipulate file paths, posing risks to the integrity of secure connections. Users are urged to upgrade to version 10.3.2 or later to mitigate these risks.

Affected: NetExtender Windows (32 and 64 bit): Version 10.3.1 and earlier

Key points:

  • CVE-2025-23008 – Improper Privilege Management (CVSS 7.2): Allows low-privileged attackers to change critical configurations, potentially compromising security.
  • CVE-2025-23009 – Local Privilege Escalation via Arbitrary File Deletion (CVSS 5.9): Enables deletion of arbitrary files, which can lead to privilege escalation.
  • CVE-2025-23010 – Link Following File Access Issue (CVSS 6.5): Improper handling of symlinks can lead to unauthorized access and tampering with system files.

Source: https://securityonline.info/sonicwall-patches-multi-vulnerabilities-in-netextender-vpn-client/