Vulnerability in Sonicwall Netextender

CVE-2025-23008

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.

EPSS: 0.001 (27.3th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Netextender — versions 10.3.1 and earlier versions

Weakness classification (CWE)

CWE-250

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 (vendor-advisory)