CVE-2025-23006

CVE Published	2025-01-23
Related CWE(s)	CWE-502: Deserialization of Untrusted Data
Related Vendor(s)	sonicwall
Related Product(s)	sma6210_firmware, sra_ex9000_firmware, sma6200_firmware, sma8200v, sma7210_firmware, sra_ex7000_firmware, sra_ex6000_firmware, sma7200_firmware
Exploitation Reported (CISA KEV)	2025-01-24
CVSS 3 Base Score	9.8 (CRITICAL)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	NETWORK

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

Object Injection (CAPEC-586)

An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.

References

CVE-2025-23006

Cyber Threat Graph Context

Associated CAPEC Patterns

Object Injection (CAPEC-586)

References

CVE.org

NIST National Vulnerability Database

CISA Known Exploited Vulnerabilities