SonicWall Patches Multiple Vulnerabilities in NetExtender VPN Client For Windows
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
SonicWall has released security updates addressing three critical vulnerabilities in its NetExtender VPN client for Windows.
The flaws, which could potentially allow attackers to escalate privileges and manipulate system files, affect both 32-bit and 64-bit versions of the software prior to version 10.3.2.
Organizations utilizing the NetExtender client are strongly advised to update their installations immediately to mitigate potential security risks.
SonicWall NetExtender Windows Client Vulnerabilities
The security advisory outlines three distinct vulnerabilities in the NetExtender Windows client:
CVE-2025-23008 represents an improper privilege management vulnerability with a Critical CVSS score of 7.2.
This flaw allows low-privileged attackers to modify configurations, potentially compromising system security. The vulnerability is classified as CWE-250, indicating execution with unnecessary privileges.
CVE-2025-23009 presents a local privilege escalation vulnerability with a CVSS score of 5.9, enabling attackers to trigger arbitrary file deletion.
This vulnerability also falls under the CWE-250 classification and could lead to significant system integrity issues if exploited.
The third vulnerability, CVE-2025-23010, involves improper link resolution before file access (CWE-59), commonly known as “link following.”
With a CVSS score of 6.5, this vulnerability allows attackers to manipulate file paths, potentially leading to system availability issues.
Security researchers Robert Janzen of Copperleaf Technologies, who identified CVE-2025-23008, and Hayden Wright, who discovered CVE-2025-23009 and CVE-2025-23010, responsibly disclosed the vulnerabilities.
The summary of the vulnerabilities is given below:
CVEs Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-23008NetExtender Windows (32 and 64 bit)Improper Privilege ManagementLocal access with authentication credentials7.2CVE-2025-23009NetExtender Windows (32 and 64 bit)Local Privilege EscalationLocal access with authentication credentials.5.9CVE-2025-23010NetExtender Windows (32 and 64 bit)Improper Link Resolution, leading to denial-of-serviceLocal access with authentication credentials.6.5
Affected Systems and Remediation
The security flaws impact all NetExtender Windows client installations (both 32-bit and 64-bit) version 10.3.1 and earlier.
SonicWall’s Linux-based NetExtender clients remain unaffected by these vulnerabilities. Code for the vulnerable components includes the client’s privilege management system:
SonicWall has addressed these issues in NetExtender Windows client version 10.3.2, which now includes proper privilege checks, secure path handling, and additional safeguards against link-following attacks.
SonicWall emphasized in their advisory that there is currently no evidence of these vulnerabilities being exploited in the wild.
However, as a precautionary measure, they strongly advise all users to upgrade to version 10.3.2 or higher.
For organizations unable to update immediately, security experts recommend implementing network segmentation and applying the principle of least privilege to minimize potential attack surfaces until patches can be deployed.
Administrators should visit the official SonicWall support portal to download the latest NetExtender client with these security fixes and verify digital signatures before deployment.
#Cyber_Security_News #Vulnerabilities #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
SonicWall Patches Multiple Vulnerabilities in NetExtender VPN Client For Windows
Author: Guru BaranSonicWall has released security updates addressing three critical vulnerabilities in its NetExtender VPN client for Windows.
The flaws, which could potentially allow attackers to escalate privileges and manipulate system files, affect both 32-bit and 64-bit versions of the software prior to version 10.3.2.
Organizations utilizing the NetExtender client are strongly advised to update their installations immediately to mitigate potential security risks.
SonicWall NetExtender Windows Client Vulnerabilities
The security advisory outlines three distinct vulnerabilities in the NetExtender Windows client:
CVE-2025-23008 represents an improper privilege management vulnerability with a Critical CVSS score of 7.2.
This flaw allows low-privileged attackers to modify configurations, potentially compromising system security. The vulnerability is classified as CWE-250, indicating execution with unnecessary privileges.
CVE-2025-23009 presents a local privilege escalation vulnerability with a CVSS score of 5.9, enabling attackers to trigger arbitrary file deletion.
This vulnerability also falls under the CWE-250 classification and could lead to significant system integrity issues if exploited.
The third vulnerability, CVE-2025-23010, involves improper link resolution before file access (CWE-59), commonly known as “link following.”
With a CVSS score of 6.5, this vulnerability allows attackers to manipulate file paths, potentially leading to system availability issues.
Security researchers Robert Janzen of Copperleaf Technologies, who identified CVE-2025-23008, and Hayden Wright, who discovered CVE-2025-23009 and CVE-2025-23010, responsibly disclosed the vulnerabilities.
The summary of the vulnerabilities is given below:
CVEs Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-23008NetExtender Windows (32 and 64 bit)Improper Privilege ManagementLocal access with authentication credentials7.2CVE-2025-23009NetExtender Windows (32 and 64 bit)Local Privilege EscalationLocal access with authentication credentials.5.9CVE-2025-23010NetExtender Windows (32 and 64 bit)Improper Link Resolution, leading to denial-of-serviceLocal access with authentication credentials.6.5
Affected Systems and Remediation
The security flaws impact all NetExtender Windows client installations (both 32-bit and 64-bit) version 10.3.1 and earlier.
SonicWall’s Linux-based NetExtender clients remain unaffected by these vulnerabilities. Code for the vulnerable components includes the client’s privilege management system:
SonicWall has addressed these issues in NetExtender Windows client version 10.3.2, which now includes proper privilege checks, secure path handling, and additional safeguards against link-following attacks.
SonicWall emphasized in their advisory that there is currently no evidence of these vulnerabilities being exploited in the wild.
However, as a precautionary measure, they strongly advise all users to upgrade to version 10.3.2 or higher.
For organizations unable to update immediately, security experts recommend implementing network segmentation and applying the principle of least privilege to minimize potential attack surfaces until patches can be deployed.
Administrators should visit the official SonicWall support portal to download the latest NetExtender client with these security fixes and verify digital signatures before deployment.
#Cyber_Security_News #Vulnerabilities #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
