SonicWall is alerting customers to a critical pre-authentication remote command execution vulnerability on SMA 1000 series appliances. The vulnerability has been confirmed as actively exploited in the wild, so this notification should be treated with the utmost severity.
Appliances running a vulnerable firmware version with administrative access exposed to the public internet are especially at risk of exploitation. Administrative access means the ability to reach the web-based Appliance Management Console (AMC) and Central Management Console (CMC) on the configured management port (default TCP 8443).
Product | Impacted Models | Impacted Versions |
--- | --- | --- |
SMA1000 | SMA6200, SMA6210, SMA7200, SMA7210, SMA8200v (ESX, KVM, Hyper-V, AWS, Azure), EX6000, EX7000, EX9000 | 12.4.3-02804 and earlier |
Note: SMA100 (SMA200, 210, 400, 410, 500v) and Firewall SSL VPN are not affected by this vulnerability.
If an appliance is running an impacted version, upgrade it immediately to the fixed version listed in the table below.
Product | Fixed Models | Fixed Version |
--- | --- | --- |
SMA1000 | SMA6210, SMA7200, SMA7210, SMA8200v (ESX, KVM, Hyper-V, AWS, Azure) | 12.4.3-02854 and newer |
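As an added example (not SonicWall's code and not part of the original advisory), the script below turns the two tables above into an inventory triage: it parses SMA1000 firmware strings, decides whether a build is impacted, fixed, or in the unnamed gap between 12.4.3-02804 and 12.4.3-02854, and ranks appliances by whether the AMC/CMC port is reachable from the internet. The version format (major.minor.patch-build, compared numerically), the treatment of in-between builds as unverified, and the sample inventory are all assumptions made here; the exposure flag is something the operator supplies from their own firewall or scan data.

```python
import re
from dataclasses import dataclass

# Version boundaries taken from the advisory tables above.
LAST_IMPACTED_VERSION = "12.4.3-02804"  # this build "and earlier" are impacted
FIRST_FIXED_VERSION = "12.4.3-02854"    # this build "and newer" carry the fix

# Model lists taken from the tables above (SMA8200v covers every hypervisor/cloud flavour).
IMPACTED_MODELS = {"SMA6200", "SMA6210", "SMA7200", "SMA7210", "SMA8200v",
                   "EX6000", "EX7000", "EX9000"}
MODELS_WITH_FIX_LISTED = {"SMA6210", "SMA7200", "SMA7210", "SMA8200v"}
NOT_AFFECTED_MODELS = {"SMA200", "SMA210", "SMA400", "SMA410", "SMA500v"}

# Assumed format: major.minor.patch-build, e.g. "12.4.3-02804". The build
# number is compared as an integer, so leading zeros do not matter.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")


def parse_version(version: str) -> tuple:
    """Turn an SMA1000 firmware string into a tuple that compares correctly."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SMA1000 version string: {version!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def version_status(version: str) -> str:
    """Return 'impacted', 'fixed', or 'unknown' for builds between the two boundaries."""
    v = parse_version(version)
    if v <= parse_version(LAST_IMPACTED_VERSION):
        return "impacted"
    if v >= parse_version(FIRST_FIXED_VERSION):
        return "fixed"
    # Builds between 02804 and 02854 are not named in the advisory; this script
    # treats them as unverified rather than assuming they are safe (assumption).
    return "unknown"


@dataclass
class Appliance:
    name: str
    model: str
    version: str
    admin_exposed: bool  # AMC/CMC (default TCP 8443) reachable from the public internet


def triage(appliance: Appliance) -> tuple:
    """Return (priority, action) for one appliance.

    P1: impacted or unverified build with the management console exposed.
    P2: impacted or unverified build, management console not exposed.
    P3: fixed build; only the admin-exposure reminder still applies.
    """
    if appliance.model in NOT_AFFECTED_MODELS:
        return ("none", "SMA100 series: not affected by this advisory")
    if appliance.model not in IMPACTED_MODELS:
        return ("review", f"model {appliance.model} not listed in the advisory; confirm manually")

    if version_status(appliance.version) == "fixed":
        return ("P3", "running a fixed build; keep AMC/CMC off the public internet")

    if appliance.model in MODELS_WITH_FIX_LISTED:
        fix = f"upgrade to {FIRST_FIXED_VERSION} or newer"
    else:
        fix = "no fixed version listed for this model; contact SonicWall support"
    if appliance.admin_exposed:
        return ("P1", f"{fix}; restrict AMC/CMC (TCP 8443) from the internet now and verify appliance integrity")
    return ("P2", fix)


def triage_inventory(inventory):
    """Rank a list of Appliance objects, most urgent first (stable within a priority)."""
    order = {"P1": 0, "P2": 1, "P3": 2, "review": 3, "none": 4}
    rows = [(a.name, a.model, a.version, *triage(a)) for a in inventory]
    return sorted(rows, key=lambda r: order[r[3]])


# Constructed sample inventory; hostnames and builds are made up for illustration.
SAMPLE_INVENTORY = [
    Appliance("vpn-edge-1", "SMA7200", "12.4.3-02804", admin_exposed=True),
    Appliance("vpn-edge-2", "SMA7210", "12.4.3-02854", admin_exposed=False),
    Appliance("vpn-lab", "SMA8200v", "12.4.2-02311", admin_exposed=False),
    Appliance("vpn-legacy", "EX7000", "12.4.3-02804", admin_exposed=True),
    Appliance("branch-sma", "SMA500v", "10.2.1.9-57sv", admin_exposed=True),
]

if __name__ == "__main__":
    for name, model, version, prio, action in triage_inventory(SAMPLE_INVENTORY):
        print(f"{prio:6} {name:12} {model:8} {version:14} {action}")
```

The model check runs before the version parser on purpose: SMA100 firmware strings use a different format, so an SMA500v entry is classified as not affected without ever being parsed. Any appliance whose version string does not match the assumed pattern raises instead of being silently marked safe.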
Additionally, customers are reminded to restrict administrative access to SMA & CMS appliances:
SonicWall is preparing additional information for customers to verify the integrity of their appliances. This article will be updated once availability is finalized.
IMPORTANT:
It is important that you treat this notification as urgent and perform the necessary firmware upgrades.
Please contact your authorized SonicWall partner or managed services provider for assistance. Should you require assistance or encounter issues during the update process, our support team is also available to help and can be reached at: https://www.sonicwall.com/support/contact-support/.
For additional firmware upgrade information, please reference: How to Upgrade SMA 1000 Series Appliances
IMPORTANT: Adhering to industry best practices, SonicWall does not provide support (e.g., technical support, firmware updates/upgrades, hardware replacements) for products that do not have an active support contract or have reached End-of-Support (EOS) status. View the SonicWall Product Lifecycle Table for more information.