Vulnerability Details: CVE-2025-23008

Summary
Assigner: sonicwall
Assigner Org ID: 44b2ff79-1416-4492-88bb-ed0da00c7315
Published At: 10 Apr, 2025 | 18:55
Updated At: 10 Apr, 2025 | 19:13

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Affected Products
Vendor: SonicWall Inc. (SonicWall)
Product: NetExtender
Platforms
  • Windows
  • 64 bit
  • 32 bit
Default Status: unknown
Affected Versions
  • 10.3.1 and earlier versions
Problem Types
Type: CWE
CWE ID: CWE-250
Description: CWE-250 Execution with Unnecessary Privileges
References
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006
Resource: vendor-advisory
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Metrics
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
National Vulnerability Database (NVD)
nvd.nist.gov
Source: PSIRT@sonicwall.com
Published At: 10 Apr, 2025 | 19:16
Updated At: 11 Apr, 2025 | 15:39

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Weaknesses
CWE ID: CWE-250
Type: Secondary
Source: PSIRT@sonicwall.com
References
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006
Source: PSIRT@sonicwall.com
Resource: N/A


Similar CVEs

3 records found

CVE-2025-23009
Matching Score: 10
Assigner: SonicWall, Inc.
CVSS Score: 7.2 (HIGH)
EPSS: 0.04% / 13.31%
7 Day CHG: ~0.00%
Published: 10 Apr, 2025 | 18:55
Updated: 17 Apr, 2025 | 16:15
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.

Action: Not Available
Vendor: SonicWall Inc.
Product: NetExtender
CWE ID: CWE-250 (Execution with Unnecessary Privileges)

CVE-2025-23010
Matching Score: 8
Assigner: SonicWall, Inc.
CVSS Score: 7.2 (HIGH)
EPSS: 0.05% / 16.70%
7 Day CHG: ~0.00%
Published: 10 Apr, 2025 | 18:57
Updated: 17 Apr, 2025 | 16:15
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.

Action: Not Available
Vendor: SonicWall Inc.
Product: NetExtender
CWE ID: CWE-59 (Improper Link Resolution Before File Access ('Link Following'))

CVE-2025-40602
Matching Score: 6
Assigner: SonicWall, Inc.
CVSS Score: 6.6 (MEDIUM)
EPSS: 0.31% / 53.66%
7 Day CHG: +0.01%
Published: 18 Dec, 2025 | 10:58
Updated: 19 Dec, 2025 | 13:57
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Known KEV; Action Due Date: 2025-12-24; Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Action: Not Available
Vendor: SonicWall Inc.
Product: sma7210_firmware, sma6210, sma8200v, sma7200_firmware, sma7210, sma6210_firmware, sma6200, sma6200_firmware, sma7200, SMA1000, SMA1000 appliance
CWE ID: CWE-250 (Execution with Unnecessary Privileges)
CWE ID: CWE-862 (Missing Authorization)