Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

CISA Confirms SonicWall SMA1000 Vulnerability Has Seen Exploitation

CRN by CRN
January 24, 2025
Home News
Share on FacebookShare on Twitter


The U.S. cybersecurity agency says it ‘strongly urges all organizations’ to implement available patches for the critical flaw.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed Friday that a critical vulnerability affecting SonicWall’s SMA1000 Appliance Management Console has seen exploitation in attacks.

The flaw, which also impacts SonicWall’s Central Management Console, was disclosed this week after Microsoft researchers discovered evidence of exploitation. However, SonicWall said in a statement Thursday that partners and customers had not reported any “direct exploitation” of the remote code execution flaw.

[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]

CRN reached out to SonicWall for further comment Friday. As of this writing, the vendor’s advisory on the issue had not been updated with any new information since Thursday.

CISA said in its advisory Friday that it has added the SonicWall vulnerability (tracked with the identifier CVE-2025-23006) to its catalog of exploited vulnerabilities based on “evidence of active exploitation.”

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the agency said, adding that CISA also “strongly urges all organizations” to prioritize remediation of flaws in the Known Exploited Vulnerabilities Catalog.

The vulnerability can be exploited by a malicious actor to remotely execute code without authentication and has received a “critical” severity rating of 9.8 out 10.0, according to SonicWall.

The flaw impacts versions of the SMA1000 platform up to version 12.4.3-02804 (platform-hotfix). SonicWall has released a patch that fixes the issue.

Researchers at the Microsoft Threat Intelligence Center (MSTIC), according to SonicWall, “discovered evidence of exploitation, prompting a comprehensive code and vulnerability review that led to the discovery of CVE-2025-23006.

“Immediately afterwards, MSTIC informed SonicWall of this discovery,” SonicWall said in its statement Thursday. “MSTIC and SonicWall PSIRT are working closely together to identify and mitigate the vulnerability discussed in this CVE [disclosure].”



Source link

Tags: CyberattacksCybersecuritynetwork securityVulnerabilities
CRN

CRN

Next Post
Dahua Technology schließt sich mit dem WWF zusammen, um die Nachhaltigkeitsbemühungen weltweit auszuweiten

Dahua Technology schließt sich mit dem WWF zusammen, um die Nachhaltigkeitsbemühungen weltweit auszuweiten

Recommended.

Why cyber risks lurk in legacy technology

Why cyber risks lurk in legacy technology

September 3, 2025
Startup Diliko Looks To Recruit Data Management-Savvy Solution Providers With New Partner Program

Startup Diliko Looks To Recruit Data Management-Savvy Solution Providers With New Partner Program

June 5, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026
AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

January 30, 2026
Anthropic’s 5 Huge Hires From OpenAI, Google, Microsoft And xAI In 2026

Anthropic’s 5 Huge Hires From OpenAI, Google, Microsoft And xAI In 2026

July 7, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio