CVE-2025-23006 – SonicWall SMA1000 Appliances Deserialization Vulnerability

https://notcve.org/view.php?id=CVE-2025-23006

23 Jan 2025 — Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. Se ha identificado una vulnerabilidad de deserialización de datos no confiables antes de la autenticación en SMA1000 Appliance Management Console (AMC) y Central Management Console (CMC), que en condiciones específi... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 • CWE-502: Deserialization of Untrusted Data •