Privilege escalation in Sonicwall Netextender

CVE-2025-23007

A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.

Vulnerability class: Privilege Escalation

EPSS: 0.000 (9.1th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Netextender — versions 10.3.0

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0005 (vendor-advisory)