
CVE-2025-23010
https://notcve.org/view.php?id=CVE-2025-23010
10 Apr 2025 — An Improper Link Resolution Before File Access ('Link Following') vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows an attacker to manipulate file paths. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-23009
https://notcve.org/view.php?id=CVE-2025-23009
10 Apr 2025 — A local privilege escalation vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows an attacker to trigger an arbitrary file deletion. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 • CWE-250: Execution with Unnecessary Privileges •

CVE-2025-23008
https://notcve.org/view.php?id=CVE-2025-23008
10 Apr 2025 — An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 • CWE-250: Execution with Unnecessary Privileges •

CVE-2025-23007
https://notcve.org/view.php?id=CVE-2025-23007
30 Jan 2025 — A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0005 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •

CVE-2025-23006 – SonicWall SMA1000 Appliances Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2025-23006
23 Jan 2025 — Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-12802
https://notcve.org/view.php?id=CVE-2024-12802
09 Jan 2025 — SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001 • CWE-305: Authentication Bypass by Primary Weakness •

CVE-2024-12806
https://notcve.org/view.php?id=CVE-2024-12806
09 Jan 2025 — A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004 • CWE-37: Path Traversal: '/absolute/pathname/here' •

CVE-2024-12805
https://notcve.org/view.php?id=CVE-2024-12805
09 Jan 2025 — A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially achieve code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004 • CWE-134: Use of Externally-Controlled Format String •

CVE-2024-12803
https://notcve.org/view.php?id=CVE-2024-12803
09 Jan 2025 — A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially achieve code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004 • CWE-121: Stack-based Buffer Overflow •

CVE-2024-40765
https://notcve.org/view.php?id=CVE-2024-40765
09 Jan 2025 — An integer-based buffer overflow vulnerability in SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013 • CWE-190: Integer Overflow or Wraparound •