Multiple SonicWall NetExtender Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-23010 CVSS:6.5

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows a malicious user to manipulate file paths.

CVE-2025-23008 CVSS:7.2

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged malicious user to modify configurations.

CVE-2025-23009 CVSS:5.9

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows a malicious user to trigger an arbitrary file deletion.

Impact

Privilege Escalation
Data Manipulation

Indicators of Compromise

CVE

CVE-2025-23010
CVE-2025-23008
CVE-2025-23009

Affected Vendors

Sonicwall

Affected Products

SonicWall Netextender – 10.3.1

Remediation

Refer to SonicWall Security Advisory for patch, upgrade, or suggested workaround information.

SonicWall Security Advisory

Multiple Palo Alto Networks Products Vulnerabilities

ICS: Multiple Schneider Electric Products Vulnerabilities

Multiple SonicWall NetExtender Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan