Overview
SonicWall has released a security update for a critical vulnerability in SMA 1000 Series appliances, affecting the Appliance Management Console (AMC) and Central Management Console (CMC).
Identified as CVE-2025-23006, this ‘pre-authentication deserialisation of untrusted data’ flaw has a CVSSv3 score of 9.8 and could allow remote attackers to execute OS commands without authentication. SonicWall’s Secure Mobile Access provides SSL VPN, context-aware authorisation, application-level VPNs, and federated SSO for cloud and on-premises resources.
QNAP has issued a security advisory for three vulnerabilities in its QTS and QuTS operating systems for NAS appliances.
CVE-2023-39298, a ‘missing authorisation’ flaw with a CVSSv3 score of 7.8, could allow local attackers with low privileges to access data or perform unauthorised actions. CVE-2024-53691, a ‘link following’ vulnerability with a CVSSv4 score of 8.7, could enable remote attackers to conduct path traversal.
Cisco has released a security update to address a critical vulnerability in its Meeting Management software. Identified as CVE-2025-20156 with a CVSS score of 9.9, this flaw resides in the REST API and is due to improper authorisation enforcement. A remote, authenticated attacker could exploit this vulnerability by sending specific API requests, potentially gaining administrator-level control over edge nodes managed by Cisco Meeting Management. Affected versions include releases 3.8 and earlier; users are advised to migrate to a fixed release. There are no workarounds available for this issue. Cisco has stated that, as of now, there is no evidence of this vulnerability being exploited in the wild.
Palo Alto: Eclypsium has identified multiple critical vulnerabilities, known as ‘PANdora’s Box’, in Palo Alto Networks’ Next-Generation Firewall (NGFW) appliances, affecting models such as the PA-3260, PA-1410, and PA-415.
Vulnerabilities include:
* CVE-2020-10713 (BootHole): Buffer overflow enabling Secure Boot bypass on Linux systems.
* System Management Mode (SMM) Vulnerabilities: Flaws in InsydeH2O UEFI firmware that can lead to privilege escalation and Secure Boot bypass.
* LogoFAIL: UEFI vulnerabilities exploiting image parsing flaws to bypass Secure Boot and execute malicious code.
* PixieFail: TCP/IP vulnerabilities in UEFI leading to code execution and information disclosure.
* Insecure Flash Access Control: Misconfigured flash access controls allowing UEFI modifications.
* CVE-2023-1017: Out-of-bounds write vulnerability in TPM 2.0.
* Intel Boot Guard Leaked Keys Bypass: Vulnerability in the PA-1410 model.
Exploiting these flaws could allow attackers to bypass Secure Boot, gain unauthorised access, and execute arbitrary code on affected devices.
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
SonicWall – Security Advisory
QNAP – Security Advisory
Cisco – Security Advisories
Palo Alto – Eclypsium Blog
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.