Vulnerability in Sonicwall Netextender

CVE-2025-23010

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.

EPSS: 0.001 (20.9th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Netextender — versions 10.3.1 and earlier versions

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 (vendor-advisory)