- 86/2025
- High
SonicWall has released security updates to address several vulnerabilities across SonicWall NetExtender Windows, Connect Tunnel Windows, and the SMA 100 series.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, cause file corruption, manipulate file paths, or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. SonicWall SMA 100 Series Appliances Command Injection Vulnerability (CVE-2021-20035):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. SonicWall NetExtender Improper Link Resolution Before File Access (‘Link Following’) ( CVE-2025-23010):
- CVSS: 6.5
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: File Path Manipulation
It should be highlighted that SonicWall is aware that the updated vulnerability “CVE-2021-20035” is being exploited in the wild.
Vulnerabilities
- CVE-2025-23008
- CVE-2025-23009
- CVE-2025-23010
- CVE-2025-32817
- CVE-2021-20035
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.