Cybersecurity company SonicWall says that hackers are exploiting a recently discovered vulnerability in one of its enterprise products to break into its customers' corporate networks.
SonicWall said in an advisory that the vulnerability in its SMA1000 remote access appliance, which companies use to let their employees access their business networks as if they were in the office, allows anyone on the internet to plant malware without needing access to the system.
The vulnerability, tracked as CVE-2025-23006, was discovered by Microsoft and shared with SonicWall last week. In a subsequent support post, SonicWall said that the vulnerability is “confirmed as actively exploited in nature”, indicating that some of SonicWall's corporate customers have been hacked. The bug is known as a zero-day because it was exploited before SonicWall had time to provide customers with a fix.
When contacted by TechCrunch, neither SonicWall nor Microsoft said how many companies have had their networks compromised in the attacks, but they urged customers to patch affected systems by installing the security fix that SonicWall has since released.
Several thousand SMA 1000 devices are exposed to the internet, according to a Shodan search result shared by Bleeping Computer, putting many of the companies with unpatched systems at greater risk of attack.
Malicious hackers are increasingly targeting enterprise security products, such as firewalls, remote access tools and VPN products. These devices sit on the perimeter of corporate networks to protect against would-be intruders and unauthorized access. But they also have a propensity to contain software bugs that can render their security protections ineffective, allowing hackers to compromise the very networks these devices were meant to protect.
In recent years, some of the largest makers of enterprise security products, including Barracuda, Check Point, Cisco, Citrix, Fortinet, Ivanti and Palo Alto Networks, have disclosed zero-day attacks targeting their customers, which led to wider network compromises.
According to the U.S. cybersecurity agency CISA, the most commonly exploited vulnerabilities in 2023 were found in enterprise products developed by Citrix, Cisco and Fortinet and were used by hackers to conduct operations against “high priority objectives”.