SonicWall has issued critical patches for three newly discovered vulnerabilities affecting its NetExtender VPN client for Windows, including a high-severity flaw that could let attackers alter configuration settings.
NetExtender, widely used by remote employees to securely connect to enterprise networks using SSL VPN protocols, has been updated to version 10.3.2 to address these issues. The most severe of the trio, tracked as CVE-2025-23008, carries a CVSS score of 7.2. This vulnerability stems from improper privilege management and could be exploited by authenticated users to tamper with configuration files, potentially opening the door to further compromise.
Two More Security Bugs Fixed in Latest NetExtender Release
The update also patches two medium-severity bugs:
- CVE-2025-23009 – A vulnerability that could allow arbitrary file deletion by an attacker.
- CVE-2025-23010 – A bug that enables file path manipulation, potentially giving attackers unauthorized access to restricted areas of the system.
SonicWall clarified that these flaws affect both 32-bit and 64-bit versions of the Windows client. Importantly, NetExtender for Linux remains unaffected, ensuring continuity for Linux-based users.
No Active Exploits Yet—But History Suggests Caution
At the time of the advisory, SonicWall has not observed any active exploitation of these vulnerabilities. However, given the brand’s history of being a frequent target, the company strongly recommends users update their NetExtender client without delay.
“While there is no evidence these vulnerabilities are currently being exploited in the wild, we urge all users to upgrade to the latest version,” SonicWall emphasized in its security notice.
SonicWall has previously been in the crosshairs of threat actors. Earlier this year, attackers actively exploited two other vulnerabilities:
- CVE-2025-23006 – A remote code execution bug in Secure Mobile Access was leveraged as a zero-day.
- CVE-2024-53704 – An authentication bypass flaw in SonicWall firewalls was exploited shortly after proof-of-concept code went public.
These incidents highlight the importance of timely patching, especially for enterprise security solutions that form the backbone of remote work infrastructure
