Cybersecurity stalwart, SonicWall disclosed that hackers are manipulating a newly unearthed flaw in its enterprise offerings in order to infiltrate their customers’ business networks.
In a recent advisory, the company detailed a vulnerability within its SMA1000 remote access appliance, utilized by firms to facilitate remote network access for employees. Astonishingly, this vulnerability permits anyone with internet access to install malware on vulnerable devices, without necessitating system login.
The vulnerability, tagged as CVE-2025-23006, was brought to light by Microsoft and subsequently communicated to SonicWall. The company acknowledged in a follow-up support post that the vulnerability is currently being exploited in real time. The fact that some of SonicWall’s clients have been hacked, and the exploitation commenced prior to issuance of a fix, has earned the flaw its zero-day moniker.
Neither SonicWall nor Microsoft provided concrete figures concerning the extent of the network compromise during the attack, instead stressing the necessity for customers to patch impacted systems with SonicWall’s recently released security hotfix.
Search results via Shodan, shared by Bleeping Computer, indicated a potential exposure to threat for thousands of internet-connected SMA1000 appliances, thereby increasing their risk to future attacks if left unpatched.
The peripheral cybersecurity products like firewalls, remote access tools, and VPN products are increasingly becoming the focus of malicious hackers. While these devices function as the primary line of defense against unauthorized access, they are intrinsically prone to software bugs, effectively negating their protective features, and thus, enabling hackers to breach the networks these products were initially deployed to safeguard.
Notably, leading manufacturers of corporate cybersecurity products like Barracuda, Check Point, Cisco, Citrix, Fortinet, Ivanti, and Palo Alto Networks have reported zero-day attacks on their customer base, resulting in extensive network compromises.
According to CISA, the U.S. cybersecurity agency, the most commonly exploited vulnerabilities in 2023 were within enterprise products developed by Citrix, Cisco, and Fortinet, and were primarily used by hackers to execute operations against “high-priority targets.”
Original source: Read the full article on TechCrunch
