- Description
- An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.
- Source
- PSIRT@sonicwall.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 6
- Exploitability score
- 0.5
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
- PSIRT@sonicwall.com
- CWE-59
- Hype score
- Not currently trending
CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender https://t.co/0k1c8fgNwi During a recent host-based penetration test, NetSPI discovered multiple arbitrary SYSTEM file delete vulnerabilities in SonicWall NetExtender for Windows, a popular enter
@f1tym1
29 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Read the details on how multiple arbitrary SYSTEM file delete flaws (CVE-2025-23009, CVE-2025-23010) can be exploited for privilege escalation. ✅ SonicWall has patched these issues in NetExtender v10.3.2 https://t.co/mtiFvkrzmB https://t.co/kvEdICj2kg
@NetSPI
29 May 2025
437 Impressions
2 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender https://t.co/k5pagQPctg
@Dinosn
29 May 2025
1515 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender https://t.co/0k1c8fgNwi During a recent host-based penetration test, NetSPI discovered multiple arbitrary SYSTEM file delete vulnerabilities in SonicWall NetExtender for Windows, a popular enter
@f1tym1
29 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23008, CVE-2025-23009, CVE-2025-23010 SonicWall NetExtender Windows Client Multiple Vulnerabilities https://t.co/AUjHg3QoHE
@autumn_good_35
14 Apr 2025
625 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 CVE-2025-23010 🟠 MEDIUM (6.5) 🏢 SonicWall - NetExtender 🏗️ 10.3.1 and earlier versions 🔗 https://t.co/AqObxBj1Hv #CyberCron #VulnAlert #InfoSec https://t.co/UKEoX5GELH
@cybercronai
12 Apr 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
آسیب پذیری اول دارای کد شناسایی CVE-2025-23008 از نوع alter configurations ، آسیب پذیری دوم با کد شناسایی CVE-2025-23009 از نوع privilege escalation و آسیب پذیری سوم با کد شناسایی CVE-2025-23010 و از نوع manipulate file paths می باشد. https://t.co/Poz3aKY03t https://t.co/EztAUnc5
@AmirHossein_sec
11 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23010 An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to ma… https://t.co/Rioe9MPzc8
@CVEnew
10 Apr 2025
265 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes