SonicWall Says Exploitation Of SMA1000 Flaw Discovered By Microsoft

The cybersecurity vendor says partners and customers have not reported any ‘direct exploitation’ of the critical zero-day vulnerability so far.

SonicWall said Thursday that exploitation of a “critical” zero-day vulnerability in the SMA1000 Appliance Management Console and Central Management Console has been reported by Microsoft threat researchers.

However, partners and customers have not reported any “direct exploitation” of the remote code execution flaw so far, SonicWall said in a statement provided to CRN.


The vulnerability (tracked with the identifier CVE-2025-23006) can be exploited by a malicious actor to remotely execute code without authentication, according to SonicWall. It has received a “critical” severity rating of 9.8 out of 10.0.

The flaw impacts versions of the SMA1000 platform up to version 12.4.3-02804 (platform-hotfix). SonicWall has released a patch that fixes the issue.

In its security advisory posted online, SonicWall said its threat response team “has been notified of possible active exploitation of the referenced vulnerability by threat actors” — and that the company “strongly advises” upgrades to the fixed version.

However, in its statement Thursday, SonicWall said that “our partners and customers have not reported any direct exploitation to date.”

Researchers at the Microsoft Threat Intelligence Center (MSTIC), according to SonicWall, “discovered evidence of exploitation, prompting a comprehensive code and vulnerability review that led to the discovery of CVE-2025-23006.

“Immediately afterwards, MSTIC informed SonicWall of this discovery,” SonicWall said in its statement Thursday. “MSTIC and SonicWall PSIRT are working closely together to identify and mitigate the vulnerability discussed in this CVE [disclosure].”