CISA Confirms SonicWall SMA1000 Vulnerability Has Seen Exploitation
The U.S. cybersecurity agency says it ‘strongly urges all organizations’ to implement available patches for the critical flaw.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed Friday that a critical vulnerability affecting SonicWall’s SMA1000 Appliance Management Console has seen exploitation in attacks.
The flaw, which also impacts SonicWall’s Central Management Console, was disclosed this week after Microsoft researchers discovered evidence of exploitation. However, SonicWall said in a statement Thursday that partners and customers had not reported any “direct exploitation” of the remote code execution flaw.
[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]
CRN reached out to SonicWall for further comment Friday. As of this writing, the vendor’s advisory on the issue had not been updated with any new information since Thursday.
CISA said in its advisory Friday that it has added the SonicWall vulnerability (tracked with the identifier CVE-2025-23006) to its catalog of exploited vulnerabilities based on “evidence of active exploitation.”
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the agency said, adding that CISA also “strongly urges all organizations” to prioritize remediation of flaws in the Known Exploited Vulnerabilities Catalog.
The vulnerability can be exploited by a malicious actor to remotely execute code without authentication and has received a “critical” severity rating of 9.8 out 10.0, according to SonicWall.
The flaw impacts versions of the SMA1000 platform up to version 12.4.3-02804 (platform-hotfix). SonicWall has released a patch that fixes the issue.
Researchers at the Microsoft Threat Intelligence Center (MSTIC), according to SonicWall, “discovered evidence of exploitation, prompting a comprehensive code and vulnerability review that led to the discovery of CVE-2025-23006.
“Immediately afterwards, MSTIC informed SonicWall of this discovery,” SonicWall said in its statement Thursday. “MSTIC and SonicWall PSIRT are working closely together to identify and mitigate the vulnerability discussed in this CVE [disclosure].”