Vulnerability in Sonicwall Netextender

CVE-2025-23009

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.

EPSS: 0.001 (23.9th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Netextender — versions 10.3.1 and earlier versions

Weakness classification (CWE)

CWE-250

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 (vendor-advisory)