ГлавнаяУязвимости → CVE-2025-23006
9.8критическая

CVE-2025-23006

→ есть в БДУ: BDU:2025-00665 (на русском)
Описание (на английском; русское — в БДУ выше)

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

Затрагиваемое ПО
Sonicwall Sma8200vSonicwall Sma6200 firmwareSonicwall Sma6200Sonicwall Sma6210 firmwareSonicwall Sma6210Sonicwall Sma7200 firmwareSonicwall Sma7200Sonicwall Sma7210 firmwareSonicwall Sma7210Sonicwall Sra ex6000 firmwareSonicwall Sra ex6000Sonicwall Sra ex7000 firmwareSonicwall Sra ex7000Sonicwall Sra ex9000 firmwareSonicwall Sra ex9000
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23006