CVE-2025-23009

Published Apr 10, 2025

Last updated 2 months ago

Overview

Description: A local privilege escalation vulnerability in the SonicWall NetExtender Windows (32- and 64-bit) client allows an attacker to trigger an arbitrary file deletion.
Source: PSIRT@sonicwall.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.2
Impact score: 6
Exploitability score: 0.5
Vector string: CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

PSIRT@sonicwall.com: CWE-250

Social media

Hype score
Not currently trending
  1. CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender https://t.co/0k1c8fgNwi During a recent host-based penetration test, NetSPI discovered multiple arbitrary SYSTEM file delete vulnerabilities in SonicWall NetExtender for Windows, a popular enter

    @f1tym1

    29 May 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Read the details on how multiple arbitrary SYSTEM file delete flaws (CVE-2025-23009, CVE-2025-23010) can be exploited for privilege escalation. ✅ SonicWall has patched these issues in NetExtender v10.3.2 https://t.co/mtiFvkrzmB https://t.co/kvEdICj2kg

    @NetSPI

    29 May 2025

    437 Impressions

    2 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  3. CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender https://t.co/k5pagQPctg

    @Dinosn

    29 May 2025

    1515 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender https://t.co/0k1c8fgNwi During a recent host-based penetration test, NetSPI discovered multiple arbitrary SYSTEM file delete vulnerabilities in SonicWall NetExtender for Windows, a popular enter

    @f1tym1

    29 May 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-23008, CVE-2025-23009, CVE-2025-23010 SonicWall NetExtender Windows Client Multiple Vulnerabilities https://t.co/AUjHg3QoHE

    @autumn_good_35

    14 Apr 2025

    625 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  6. The first vulnerability, with identifier CVE-2025-23008, is of the alter configurations type; the second vulnerability, with identifier CVE-2025-23009, is of the privilege escalation type; and the third vulnerability, with identifier CVE-2025-23010, is of the manipulate file paths type. https://t.co/Poz3aKY03t https://t.co/EztAUnc5

    @AmirHossein_sec

    11 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.