CVE-2025-23006: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and...

9.8 CVSS

Description

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

Known Exploited

🚨 Marked as known exploited on January 24th, 2025 (3 months ago).

Classification

CVE ID: CVE-2025-23006

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor: SonicWall

Product: SMA1000

Exploit Prediction Scoring System (EPSS)

EPSS Score: 1.37% (probability of being exploited)

EPSS Percentile: 86.26% (scored less or equal to compared to others)

EPSS Date: 2025-02-21 (when was this score calculated)

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002

Timeline

2025-01-24 15:30:14 UTC
CISA KEV

SonicWall SMA1000 Appliances Deserialization Vulnerability
2025-01-24 15:31:41 UTC
🚨 Marked as Known Exploited
2025-01-24 18:00:15 UTC
All CISA Advisories

CISA Adds One Known Exploited Vulnerability to Catalog
2025-01-25 00:30:32 UTC
CVE

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and...