
Critical SonicWall SMA1000 Flaw Patched Amid Active Exploitation


SonicWall has released a hotfix for a critical vulnerability, tracked as CVE-2025-23006, impacting its SMA1000 Appliance Management Console and Central Management Console appliances. The flaw has been actively exploited in attacks that could result in arbitrary operating system command execution, according to SC Media.

Immediate patching of vulnerable SMA1000 instances is imperative amid the increasingly prevalent targeting of mobile environments in remote attacks, said Boris Cipot, senior security engineer at BlackDuck, who urged the adoption of zero-trust access and network segmentation to secure mobile access points and prevent potential compromise.

"Software risk is business risk, so knowing about such incidents and acting quickly to mitigate them should be an established process in every organization," said Cipot. "It's not only true for hardware appliances, but also for the software employees use."

Casey Ellis, founder at Bugcrowd, also urged organizations to implement timely patches and restrict access to their devices.
