{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-004.pdf"
    },
    "title": "Critical Vulnerability in SonicWall Products",
    "serial_number": "2025-004",
    "publish_date": "28-01-2025 08:36:30",
    "description": "On January 22, 2025, SonicWall issued an advisory regarding a critical vulnerability in the Appliance Management Console (AMC) and Central Management Console (CMC) of the SonicWall SMA 1000. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the affected appliance. This vulnerability is being exploited in the wild.<br>\nIt is recommended applying update as soon as possible.<br>\n",
    "url_title": "2025-004",
    "content_markdown": "---    \ntitle: 'Critical Vulnerability in\u00a0SonicWall\u00a0Products'\nnumber: '2025-004'\nversion: '1.0'\noriginal_date: '2025-01-27'\ndate: '2025-01-27'\n---\n\n_History:_\n\n* _27/01/2025 --- v1.0 -- Initial publication_\n\n\n# Summary\n\nOn January 22, 2025, SonicWall issued an advisory regarding a critical vulnerability in the Appliance Management Console (AMC) and Central Management Console (CMC) of the SonicWall SMA 1000. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the affected appliance. This vulnerability is being exploited in the wild [1].\n\nIt is recommended applying update as soon as possible.\n\n# Technical Details\n\nThe vulnerability `CVE-2025-23006`, with a CVSS score of 9.8, is a deserialisation of untrusted data vulnerability in the Appliance Management Console (AMC) and Central Management Console (CMC) of the SonicWall SMA 1000. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code and gain control over affected systems.\n\n# Products Affected\n\nThe vulnerability affects all firmware versions of the SMA1000 appliance up to 12.4.3-02804 (platform-hotfix).\n\n# Recommendations\n\nIt is strongly recommended applying updates and check for any suspicious configuration change on affected assets.\n\n## Mitigation\n\nIt is strongly recommended restricting access to the Appliance Management Console (AMC) and Central Management Console (CMC) to only trusted networks [2].\n\n# References\n\n[1] <https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002>\n\n[2] <https://www.sonicwall.com/techdocs/pdf/sma_1000-12-4-admin_guide.pdf#page=653>",
    "content_html": "<p><em>History:</em></p><ul><li><em>27/01/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On January 22, 2025, SonicWall issued an advisory regarding a critical vulnerability in the Appliance Management Console (AMC) and Central Management Console (CMC) of the SonicWall SMA 1000. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the affected appliance. This vulnerability is being exploited in the wild [1].</p><p>It is recommended applying update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <code>CVE-2025-23006</code>, with a CVSS score of 9.8, is a deserialisation of untrusted data vulnerability in the Appliance Management Console (AMC) and Central Management Console (CMC) of the SonicWall SMA 1000. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code and gain control over affected systems.</p><h2 id=\"products-affected\">Products Affected</h2><p>The vulnerability affects all firmware versions of the SMA1000 appliance up to 12.4.3-02804 (platform-hotfix).</p><h2 id=\"recommendations\">Recommendations</h2><p>It is strongly recommended applying updates and check for any suspicious configuration change on affected assets.</p><h3 id=\"mitigation\">Mitigation</h3><p>It is strongly recommended restricting access to the Appliance Management Console (AMC) and Central Management Console (CMC) to only trusted networks [2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002\">https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.sonicwall.com/techdocs/pdf/sma_1000-12-4-admin_guide.pdf#page=653\">https://www.sonicwall.com/techdocs/pdf/sma_1000-12-4-admin_guide.pdf#page=653</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}