Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
SonicWall SMA1000 Appliances Deserialization Vulnerability

Known Exploited Vulnerabilities CVE-2025-23006

SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2025-23006	SonicWall SMA1000 Appliances Deserialization Vulnerability	exploitation_technique	T1190	Exploit Public-Facing Application	Comments This pre-authentication vulnerability, present in SonicWall SMA1000 appliances running version 12.4.3-02804 or earlier, allows attackers to perform remote code execution on exploited machines, allowing for arbitrary OS command execution. References https://arcticwolf.com/resources/blog/cve-2025-23006/ https://www.cybereason.com/blog/cve-2025-23006-sonicwall-critical-vulnerability
CVE-2025-23006	SonicWall SMA1000 Appliances Deserialization Vulnerability	primary_impact	T1059	Command and Scripting Interpreter	Comments This pre-authentication vulnerability, present in SonicWall SMA1000 appliances running version 12.4.3-02804 or earlier, allows attackers to perform remote code execution on exploited machines, allowing for arbitrary OS command execution. References https://arcticwolf.com/resources/blog/cve-2025-23006/ https://www.cybereason.com/blog/cve-2025-23006-sonicwall-critical-vulnerability