Vulnerability Description
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Sma8200V | < 12.4.3-02854 |
| Sonicwall | Sma6200 Firmware | < 12.4.3-02854 |
| Sonicwall | Sma6200 | - |
| Sonicwall | Sma6210 Firmware | < 12.4.3-02854 |
| Sonicwall | Sma6210 | - |
| Sonicwall | Sma7200 Firmware | < 12.4.3-02854 |
| Sonicwall | Sma7200 | - |
| Sonicwall | Sma7210 Firmware | < 12.4.3-02854 |
| Sonicwall | Sma7210 | - |
| Sonicwall | Sra Ex6000 Firmware | <= 12.4.3-02804 |
| Sonicwall | Sra Ex6000 | - |
| Sonicwall | Sra Ex7000 Firmware | <= 12.4.3-02804 |
| Sonicwall | Sra Ex7000 | - |
| Sonicwall | Sra Ex9000 Firmware | <= 12.4.3-02804 |
| Sonicwall | Sra Ex9000 | - |
Related Weaknesses (CWE)
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-23006?
CVE-2025-23006 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditi...
How severe is CVE-2025-23006?
CVE-2025-23006 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-23006?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma8200V, Sonicwall Sma6200 Firmware, Sonicwall Sma6200, Sonicwall Sma6210 Firmware, Sonicwall Sma6210.