June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Palo Alto Networks Products Vulnerabilities
April 11, 2025
ICS: Multiple Schneider Electric Products Vulnerabilities
April 11, 2025
Multiple Palo Alto Networks Products Vulnerabilities
April 11, 2025
ICS: Multiple Schneider Electric Products Vulnerabilities
April 11, 2025
Severity
Medium
Analysis Summary
CVE-2025-23010 CVSS:6.5
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows a malicious user to manipulate file paths.
CVE-2025-23008 CVSS:7.2
An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged malicious user to modify configurations.
CVE-2025-23009 CVSS:5.9
A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows a malicious user to trigger an arbitrary file deletion.
Impact
- Privilege Escalation
- Data Manipulation
Indicators of Compromise
CVE
CVE-2025-23010
CVE-2025-23008
CVE-2025-23009
Affected Vendors
Sonicwall
Affected Products
- SonicWall Netextender – 10.3.1
Remediation
Refer to SonicWall Security Advisory for patch, upgrade, or suggested workaround information.
