SonicWall Product Security Update Advisory

Overview

 

SonicWall has released security updates to fix vulnerabilities in SonicWall products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

 

CVE-2025-23008

NetExtender Windows Version: 10.3.1 and earlier

 

CVE-2025-32817

Connect Tunnel Windows Client version: 12.4.3.283 and earlier

 

 

Resolved Vulnerabilities

 

Improper privilege management vulnerability that could allow a low privilege attacker to modify configuration (CVE-2025-23008)
Improper link resolution vulnerability that could allow unauthorized file overwriting (CVE-2025-32817)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-23008

NetExtender Windows versions: 10.3.2 and higher

 

CVE-2025-32817

Connect Tunnel Windows Client version: 12.4.3.298 and later

 

 

References

[1] SonicWall NetExtender Windows Client Multiple Vulnerabilities
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006
[2] SonicWall Connect Tunnel Windows Client Improper Link Resolution Vulnerability
https://github.com/langflow-ai/langflow/pull/6911