
SonicWall fixes bug rated 9.8 in mobile management appliance


SonicWall on Jan. 22 posted an advisory that a critical 9.8 bug in its SMA1000 Appliance Management Console and Central Management Console was exploited in the wild.

In its advisory, SonicWall said the flaw — CVE-2025-23006 — could let a remote unauthenticated attacker execute arbitrary OS commands.

SonicWall “strongly advises” users of SMA1000 appliances to upgrade to the hotfix release version to address the mobile-based vulnerability. The appliance is used to manage mobile environments.

Boris Cipot, senior security engineer at BlackDuck, said these types of appliances serve as gateways for secure remote access and have become an attractive target for attackers, so companies that use the SMA1000 appliance should patch right away to avoid a breach.

“Needless to say, organizations should at least implement network segmentation, zero-trust access, and enhanced monitoring to mitigate the risk and make sure that the attackers cannot get far, even if they successfully open the first door,” said Cipot. “Since we live in a world where remote work is a broad trend, such incidents are important to track.”

Cipot added that securing mobile access points has emerged as one of the most important considerations in enterprise infrastructure resilience.

“Software risk is business risk, so knowing about such incidents and acting quickly to mitigate them should be an established process in every organization,” said Cipot. “It’s not only true for hardware appliances, but also for the software employees use.”

Casey Ellis, founder at Bugcrowd, added that this continues the trend of targeting vulnerabilities in remote access systems and network concentrators.

“Aside from patching, organizations should ensure that management interfaces for the SMA1000 — or any other device for that matter given the cluster of vulnerabilities, research, and exploitation — are not publicly accessible,” said Ellis.
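The two actions the article returns to, confirm every appliance is on the hotfix release and keep management interfaces off public-facing networks, are easy to check from an inventory before a scanner ever runs. The script below is an added example, not code from SonicWall or from SC Media: it walks a constructed appliance list, flags devices whose firmware is below a hotfix threshold, and flags any management address that sits outside an allowlisted admin network. The version strings, the `HOTFIX_VERSION` value, the device names and the admin networks are all placeholders, not SonicWall's actual numbering or anyone's real addressing.

```python
import ipaddress

# Placeholder threshold: substitute the hotfix version string from the vendor
# advisory. The "major.minor.patch-build" format is an assumption for this example.
HOTFIX_VERSION = "12.4.3-99999"

# Networks from which administrators are expected to reach the management
# console. Anything outside these is treated as a finding. (Constructed values.)
ADMIN_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"),
                  ipaddress.ip_network("192.168.50.0/24")]

# Constructed inventory; none of these are real devices or real addresses.
INVENTORY = [
    {"name": "sma-hq-1",  "mgmt_ip": "10.20.0.5",    "version": "12.4.3-99999"},
    {"name": "sma-dc-2",  "mgmt_ip": "203.0.113.10", "version": "12.4.3-00100"},
    {"name": "sma-lab-3", "mgmt_ip": "192.168.50.2", "version": "12.4.3-00100"},
]


def parse_version(v):
    """Turn '12.4.3-00100' into (12, 4, 3, 100) so versions compare numerically."""
    main, _, build = v.partition("-")
    parts = tuple(int(p) for p in main.split("."))
    return parts + (int(build or 0),)


def needs_patch(version, hotfix=HOTFIX_VERSION):
    """True when the running version is older than the hotfix release."""
    return parse_version(version) < parse_version(hotfix)


def mgmt_outside_admin_net(ip, admin_networks=ADMIN_NETWORKS):
    """True when the management address is not inside any allowlisted admin network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in admin_networks)


def audit(inventory, hotfix=HOTFIX_VERSION, admin_networks=ADMIN_NETWORKS):
    """Return (device, finding) pairs for unpatched devices and exposed consoles."""
    findings = []
    for dev in inventory:
        if needs_patch(dev["version"], hotfix):
            findings.append((dev["name"], "unpatched"))
        if mgmt_outside_admin_net(dev["mgmt_ip"], admin_networks):
            findings.append((dev["name"], "mgmt-outside-admin-net"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(INVENTORY):
        print(f"{name}: {finding}")
```

The allowlist check is deliberately stricter than asking whether an address is publicly routable: a console on a routable but non-admin segment is still exposed to more of the network than it needs, which is the segmentation point Cipot makes above.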
