The cybersecurity company SonicWall says hackers are exploiting a newly discovered vulnerability in one of its enterprise products to break into its customers' corporate networks.
SonicWall said in an advisory that the vulnerability in its SMA1000 remote access appliance, which companies use to let their employees log in to their corporate networks remotely as if they were in the office, allows anyone on the internet to plant malware on an affected device without needing a login to the system.
The vulnerability, tracked as CVE-2025-23006, was discovered by Microsoft and shared with SonicWall last week. In a later support post, SonicWall said the vulnerability is “confirmed as being actively exploited in the wild,” indicating that some of SonicWall’s corporate customers have been hacked. The bug is known as a zero-day because it was exploited before SonicWall had time to provide customers with a fix.
When contacted by TechCrunch, neither SonicWall nor Microsoft said how many companies had their networks compromised in the attacks, but they asked customers to secure affected systems by installing the security hotfix that SonicWall has since released.
Thousands of SMA 1000 devices are exposed online, according to a Shodan search result shared by Bleeping Computer, placing many of those companies with unpatched systems at greater risk of attack.
Malicious hackers are increasingly targeting corporate cybersecurity products, such as firewalls, remote access tools and VPN products. These devices sit on the perimeter of corporate networks to protect against potential intrusions and unauthorized access. But they also tend to contain software bugs that can render their security protections ineffective, allowing hackers to compromise the networks that these devices are tasked with protecting.
In recent years, some of the biggest makers of corporate cybersecurity products, including Barracuda, Check Point, Cisco, Citrix, Fortinet, Ivanti, and Palo Alto Networks, have discovered zero-day attacks aimed at their customers, which have resulted in wider network compromises.
According to the U.S. cybersecurity agency CISA, the most routinely exploited vulnerabilities during 2023 were found in enterprise products developed by Citrix, Cisco, and Fortinet, and were used by hackers to carry out operations against “objectives with high advantage.”