Multiple Palo Alto Networks Products Vulnerabilities

April 11, 2025

ICS: Multiple Schneider Electric Products Vulnerabilities

April 11, 2025

Multiple SonicWall NetExtender Vulnerabilities

April 11, 2025

Severity

Medium

Analysis Summary

CVE-2025-23010 CVSS:6.5

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows a malicious user to manipulate file paths.

CVE-2025-23008 CVSS:7.2

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged malicious user to modify configurations.

CVE-2025-23009 CVSS:5.9

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows a malicious user to trigger an arbitrary file deletion.

Impact

Privilege Escalation
Data Manipulation

Indicators of Compromise

CVE

CVE-2025-23010
CVE-2025-23008
CVE-2025-23009

Affected Vendors

Sonicwall

Affected Products

SonicWall Netextender – 10.3.1

Remediation

Refer to SonicWall Security Advisory for patch, upgrade, or suggested workaround information.

SonicWall Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Microsoft Alerts on Node.js Exploitation in Malware Campaigns

ICS: Multiple Rockwell Automation ThinManager Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Multiple Palo Alto Networks Products Vulnerabilities

ICS: Multiple Schneider Electric Products Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.