CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma6200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma6210:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma7200:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma7210:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:sonicwall:sra_ex6000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sra_ex6000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:sonicwall:sra_ex7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sra_ex7000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:sonicwall:sra_ex9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sra_ex9000:-:*:*:*:*:*:*:*

History

27 Jan 2025, 18:41

Type	Values Removed	Values Added
First Time		Sonicwall sma6200 Sonicwall sma6210 Firmware Sonicwall sra Ex6000 Firmware Sonicwall sma8200v Sonicwall sma6210 Sonicwall sma7200 Firmware Sonicwall sra Ex7000 Firmware Sonicwall sma7210 Firmware Sonicwall sma7210 Sonicwall sra Ex7000 Sonicwall Sonicwall sma6200 Firmware Sonicwall sma7200 Sonicwall sra Ex9000 Sonicwall sra Ex6000 Sonicwall sra Ex9000 Firmware
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 -~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 - Vendor Advisory
CPE		cpe:2.3:o:sonicwall:sra_ex7000_firmware:::::::: cpe:2.3:o:sonicwall:sra_ex6000_firmware:::::::: cpe:2.3:o:sonicwall:sma6210_firmware:::::::: cpe:2.3:o:sonicwall:sma7210_firmware:::::::: cpe:2.3:h:sonicwall:sma7210:-:::::::* cpe:2.3:h:sonicwall:sra_ex9000:-:::::::* cpe:2.3:h:sonicwall:sra_ex6000:-:::::::* cpe:2.3:o:sonicwall:sma7200_firmware:::::::: cpe:2.3:o:sonicwall:sma6200_firmware:::::::: cpe:2.3:h:sonicwall:sma7200:-:::::::* cpe:2.3:a:sonicwall:sma8200v:::::::: cpe:2.3:h:sonicwall:sma6210:-:::::::* cpe:2.3:h:sonicwall:sma6200:-:::::::* cpe:2.3:h:sonicwall:sra_ex7000:-:::::::* cpe:2.3:o:sonicwall:sra_ex9000_firmware::::::::

23 Jan 2025, 15:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
Summary		(es) Se ha identificado una vulnerabilidad de deserialización de datos no confiables antes de la autenticación en SMA1000 Appliance Management Console (AMC) y Central Management Console (CMC), que en condiciones específicas podría permitir que un atacante remoto no autenticado ejecute comandos arbitrarios del sistema operativo.

23 Jan 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-23 12:15

Updated : 2025-04-02 20:32

NVD link : CVE-2025-23006

Mitre link : CVE-2025-23006

CVE.ORG link : CVE-2025-23006

JSON object : View

Products Affected

sonicwall

sma7210
sma7200_firmware
sra_ex9000
sma7210_firmware
sra_ex9000_firmware
sma6210_firmware
sma7200
sma6210
sra_ex6000_firmware
sma8200v
sra_ex7000
sra_ex6000
sra_ex7000_firmware
sma6200_firmware
sma6200

CWE

CWE-502

Deserialization of Untrusted Data

9.8 /10