Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Jan. 24, 2025.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Sonicwall
  • Sma6200
  • Sma6200 Firmware
  • Sma6210
  • Sma6210 Firmware
  • Sma7200
  • Sma7200 Firmware
  • Sma7210
  • Sma7210 Firmware
  • Sma8200v
  • Sra Ex6000
  • Sra Ex6000 Firmware
  • Sra Ex7000
  • Sra Ex7000 Firmware
  • Sra Ex9000
  • Sra Ex9000 Firmware

Configuration 1 [-]

cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma6200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma6210:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma7200:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma7210:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:sonicwall:sra_ex6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_ex6000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:sonicwall:sra_ex7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_ex7000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:sonicwall:sra_ex9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_ex9000:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006 cve-icon cve-icon
History

Tue, 21 Oct 2025 23:15:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Mon, 27 Jan 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Sonicwall
Sonicwall sma6200
Sonicwall sma6200 Firmware
Sonicwall sma6210
Sonicwall sma6210 Firmware
Sonicwall sma7200
Sonicwall sma7200 Firmware
Sonicwall sma7210
Sonicwall sma7210 Firmware
Sonicwall sma8200v
Sonicwall sra Ex6000
Sonicwall sra Ex6000 Firmware
Sonicwall sra Ex7000
Sonicwall sra Ex7000 Firmware
Sonicwall sra Ex9000
Sonicwall sra Ex9000 Firmware
CPEs cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma6200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma6210:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma7200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma7210:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_ex6000:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_ex7000:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_ex9000:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sra_ex6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sra_ex7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sra_ex9000_firmware:*:*:*:*:*:*:*:*
Vendors & Products Sonicwall
Sonicwall sma6200
Sonicwall sma6200 Firmware
Sonicwall sma6210
Sonicwall sma6210 Firmware
Sonicwall sma7200
Sonicwall sma7200 Firmware
Sonicwall sma7210
Sonicwall sma7210 Firmware
Sonicwall sma8200v
Sonicwall sra Ex6000
Sonicwall sra Ex6000 Firmware
Sonicwall sra Ex7000
Sonicwall sra Ex7000 Firmware
Sonicwall sra Ex9000
Sonicwall sra Ex9000 Firmware

Sat, 25 Jan 2025 08:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-01-24'}

Fri, 24 Jan 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-01-24'}

Fri, 24 Jan 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-01-24'}

Fri, 24 Jan 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Jan 2025 11:45:00 +0000

Type Values Removed Values Added
Description Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
Weaknesses CWE-502
References
cve-icon MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2025-01-23T11:37:41.148Z

Updated: 2025-10-21T22:55:31.291Z

Reserved: 2025-01-09T09:08:55.359Z

Link: CVE-2025-23006

cve-icon Vulnrichment

Updated: 2025-01-23T14:25:28.478Z

cve-icon NVD

Status : Modified

Published: 2025-01-23T12:15:28.523

Modified: 2025-10-21T23:16:50.667

Link: CVE-2025-23006

cve-icon Redhat

No data.