Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 14, 2025

CVE-2025-23006

High
EPSS 63.4% | CISA KEV | Ransomware
SonicWall/SMA1000 Appliances

Description

SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.

EPSS — Exploit Probability

63.4%

Higher than 98.4% of all CVEs

Required Action

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 ; https://nvd.nist.gov/vuln/detail/CVE-2025-23006

Risk Assessment

CRITICAL
In CISA KEV
High EPSS
Ransomware

Details

Severity: High
EPSS: 63.4%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published: Jan 24, 2025
Added to KEV: Jan 24, 2025
Remediation Due: Feb 14, 2025

Affected Product

SonicWall

SMA1000 Appliances
