The original post: /r/cybersecurity by /u/blackpoint_APG on 2025-01-23 18:23:35.

A critical vulnerability (CVE-2025-23006, CVSS: 9.8) has been identified in SonicWall SMA 1000 Series appliances (version 12.4.3-02804 and earlier). This pre-authentication vulnerability could allow threat actors to execute commands, deploy malware, and steal information.

At the time of writing (January 23, 2025), SonicWall has reported instances of likely exploitation; however, details of the purported exploitation have not been provided. It is likely threat actors will exploit this vulnerability over the next 12 months.

Blackpoint will continue to monitor and provide updates as needed.

Recommendations

  • Upgrade to the most recent version of SonicWall SMA, which is available in the SonicWall advisory.
  • Restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC).
  • Configure the appliance to use dual interfaces.
  • Configure the appliance to use dual network gateways.
  • Ensure that the appliance is not exposed to the internet.
  • Give the appliance access to only the necessary resources on the customer network.
  • Enable strict IP address restrictions for the SSH service.
  • Enable strict IP address restrictions for the SNMP service.
  • Use a secure passphrase for the SNMP community string.
  • Disable or suppress ICMP traffic.
  • Use an NTP server.
  • Protect the server certificate that the appliance is configured to use.

Additional mitigations can be found in the SonicWall Guide, beginning on page 653.

Relevant Sources:
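As an added example (not part of the original post or of SonicWall's or Blackpoint's tooling), the script below triages an appliance inventory against the affected-version cutoff the post names (12.4.3-02804 and earlier). It parses the SMA `major.minor.patch-build` version format and compares it numerically, so a string comparison cannot misorder builds; the hostnames and the "later" version in the sample inventory are constructed, not real fixed releases.

```python
import re

# Highest affected SMA 1000 firmware version named in the advisory
# (CVE-2025-23006 affects 12.4.3-02804 and earlier).
LAST_AFFECTED = "12.4.3-02804"

# SMA versions look like 12.4.3-02804: major.minor.patch-build
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(v: str) -> tuple:
    """Parse an SMA version string into a comparable (major, minor, patch, build) tuple."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised SMA version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the reported version is at or below the last affected build."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def triage(inventory: dict) -> dict:
    """Split {hostname: version} into 'patch' (affected), 'ok' (newer build)
    and 'unknown' (version string could not be parsed, needs manual check)."""
    result = {"patch": [], "ok": [], "unknown": []}
    for host, ver in inventory.items():
        try:
            result["patch" if is_affected(ver) else "ok"].append(host)
        except ValueError:
            result["unknown"].append(host)
    return result


# Constructed sample inventory; hostnames and version values are made up
# for this example and do not correspond to real fixed releases.
SAMPLE_INVENTORY = {
    "sma-hq-01": "12.4.3-02804",   # exactly the last affected build
    "sma-hq-02": "12.4.2-01234",   # older release train, also affected
    "sma-dc-01": "12.4.3-02854",   # constructed build above the cutoff
    "sma-lab-01": "n/a",           # version not recorded in inventory
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the versions from your asset inventory or the AMC version page; anything in `patch` or `unknown` should be upgraded or verified by hand before the access restrictions above are relied on.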