Advisory 76: SonicWALL Vulnerability - CVE-2025-23006
Release Date: 23rd of January 2025
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation provide the following advisory.
What is it?
Product Details:
Vendor: SonicWall
Product: SMA1000
Platforms: Linux
A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
What are the Systems affected?
The affected product versions are 12.4.3-02804 (platform-hotfix) and earlier.
What does this mean?
An unauthenticated attacker could potentially gain remote access to the SMA1000 Appliance Management Console and the Central Management Console.
Mitigation process
- To minimize the potential impact of the vulnerability, restrict access to the Appliance Management Console (AMC) and Central Management Console (CMC) to trusted sources.
- Upgrade to the fixed version: 12.4.3-02854 (platform-hotfix) or higher.
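To help apply the upgrade step across several appliances, the following added example (not part of the CERTVU or SonicWall advisory) sorts reported SMA1000 versions into affected, fixed, or needing manual review. It assumes version strings follow the major.minor.patch-build form shown above and compare numerically; the host names and the inventory are constructed for illustration.

```python
import re

# Version boundaries as stated in this advisory.
LAST_AFFECTED = (12, 4, 3, 2804)  # 12.4.3-02804 and earlier: affected
FIRST_FIXED = (12, 4, 3, 2854)    # 12.4.3-02854 and higher: fixed

# Accepts "12.4.3-02804" with an optional "(platform-hotfix)" suffix.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*(?:\(platform-hotfix\))?\s*$")


def parse_version(text):
    """Return (major, minor, patch, build) as integers, or None if unparseable."""
    match = VERSION_RE.match(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Map a reported version string to a triage status."""
    version = parse_version(text)
    if version is None:
        return "unparsed"   # version not readable: check the appliance by hand
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unlisted"       # between the two builds; the advisory does not cover it


def triage(inventory):
    """Group appliance names by status, given {name: version string}."""
    report = {"affected": [], "fixed": [], "unlisted": [], "unparsed": []}
    for name, version in sorted(inventory.items()):
        report[classify(version)].append(name)
    return report


# Constructed sample inventory (hypothetical host names, not from the advisory).
SAMPLE_INVENTORY = {
    "sma-hq": "12.4.3-02804 (platform-hotfix)",
    "sma-branch": "12.4.2-05110",
    "sma-dr": "12.4.3-02854 (platform-hotfix)",
    "sma-lab": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Appliances reported as "unlisted" or "unparsed" should be checked against the vendor advisory in the References rather than assumed safe.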
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002
- https://www.cve.org/CVERecord?id=CVE-2025-23006