Microsoft has discovered a critical vulnerability, known as a zero-day, in a SonicWall remote access appliance that hackers have been exploiting to gain unauthorized access to corporate networks and deploy malware. The vulnerability, identified as CVE-2025-23006, has a severity score of 9.6/10 and affects the SMA 1000 Appliance Management Console (AMC) and Central Management Console (CMC).

SonicWall has issued a security advisory urging users to apply the patch or implement a workaround promptly to prevent further exploitation of the vulnerability. The bug allows remote unauthenticated attackers to execute arbitrary OS commands, posing a significant risk to organizations using the affected SonicWall devices.

While the identity of the attackers and the extent of the attacks remain undisclosed, it is essential for users of the SMA 1000 product to upgrade to the hotfix release version to address the vulnerability. Thousands of vulnerable appliances have been identified, emphasizing the urgent need for remediation measures to secure networks against potential breaches.

To mitigate the impact of the flaw, users are advised to restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC). This incident highlights the growing focus of threat actors on exploiting edge devices to infiltrate target infrastructures discreetly. SonicWall has clarified that Firewall and SMA 100 series products are not affected by this vulnerability.

Source: TechCrunch