SonicWall, a cybersecurity firm, has reported that hackers are taking advantage of a recently identified vulnerability within one of its enterprise solutions to infiltrate corporate networks belonging to its clients.
In an advisory, SonicWall revealed that the flaw lies within its SMA1000 remote access gateway, a tool businesses use to let remote employees log in as though they were physically present in the office. This vulnerability permits unauthorized internet users to install malware on vulnerable devices without any system login credentials.
The issue, designated CVE-2025-23006, was uncovered by Microsoft, which subsequently informed SonicWall last week. In a follow-up support brief, SonicWall acknowledged that the vulnerability is “confirmed as being actively exploited in the wild,” suggesting that several of its corporate clients have fallen victim to the attacks. The flaw is labeled a zero-day because it was exploited before SonicWall could deploy a remedy for its customers.
When approached by TechCrunch, both SonicWall and Microsoft refrained from disclosing the number of companies impacted by the breaches but emphasized the importance of patching vulnerable systems with the security hotfix SonicWall has since provided.
According to researchers at Censys, nearly a hundred SMA1000 appliances with unprotected consoles are accessible via the internet, leaving many clients with unpatched systems at heightened risk of attack.
There has been a noticeable increase in malicious attacks targeting enterprise cybersecurity solutions, including firewalls, VPN products, and remote access tools. These devices are situated at the edges of corporate networks to defend against unauthorized access and potential intruders. Nevertheless, they often harbor software vulnerabilities that can undermine their protective capabilities, resulting in breaches of the very networks they are intended to safeguard.
In recent years, some of the leading manufacturers of corporate cybersecurity products, such as Cisco, Barracuda, Fortinet, Check Point, Citrix, Ivanti, and Palo Alto Networks, have reported zero-day attacks affecting their clients, leading to extensive network breaches.
As reported by the U.S. cybersecurity agency CISA, the most frequently exploited vulnerabilities in 2023 originated from enterprise products developed by Citrix, Cisco, and Fortinet, which hackers have used to attack “high-priority targets.”
Updated on January 28 with fresh data from Censys regarding the number of affected devices.
Compiled by Techarena.au.


