Sonicwall Security Company says that infiltrators are using a newly discovered security vulnerability in a product of its institutions to storm corporate networks for their customers.
Sonicwal said In a consultant The weakness in the SMA1000 remote access device, which companies use to allow their employees to register a distance to their companies’ networks as if they were in the office, allows anyone via the Internet to plant harmful programs on affected devices without the need to log in to the system.
The weakness, followed as Cve-2025-23006, was discovered by Microsoft and shared with Sonicwall last week. in Later support postSonicwall said the weakness “was confirmed that it was actively exploited in the wilderness,” which indicates that some clients of Sonicwall have been hacked. The error is defined as a zero day because it was exploited before Sonicwall has time to provide customers with a repair.
When calling it by Techcrunch, Sonicwall or Microsoft said the number of companies whose networks have been at risk of attacks, but have urged customers to correct the systems affected by installing the hot safety repair by Sonicwall since then.
Several thousand SMA1000 devices are exposed to the Internet, according to Shodan search result Common before Bleeping computerAnd many of those companies that have more risk systems have been placed.
The wicked infiltrators are increasingly targeting cybersecurity products for companies, such as protection walls, remote access tools and products. These devices are on the vicinity of corporate networks to protect from potential infiltrators and unauthorized access. But they also have a tendency to contain program errors that can make safety protection ineffective, allowing infiltrators to settle the same networks that have been assigned to protect.
In recent years, some of the largest Cyber security products makers, including Barracuda, Check Point, Cisco, Citrix, Fortinet, Ivanti and Palo Alto, have revealed zero attacks in one day targeting its customers, which led to wider network consensus.
According to the US CISA, CISA, The highest weaknesses are routinely exploited During the year 2023, the products of the institutions developed by Citrix, Cisco and Fortinet were found, and it was used by infiltrators to perform operations against “high priority targets”.
