SonicWall Patches Multi Vulnerabilities in NetExtender VPN Client - #CVE-2025-23008
SonicWall has issued a critical security advisory for its NetExtender Windows client, a VPN tool, addressing three vulnerabilities in versions 10.3.1 and earlier. The most severe vulnerability, CVE-2025-23008, with a CVSS score of 7.2, allows low-privileged attackers to alter configurations, potentially compromising VPN connections. Two other vulnerabilities, CVE-2025-23009 and CVE-2025-23010, enable arbitrary file deletion and improper symlink handling, respectively. These flaws could lead to privilege escalation, service disruption, or unauthorized file operations. While no active exploitation has been reported, SonicWall strongly recommends users to upgrade to version 10.3.2 or later to mitigate these security risks. The potential impact of these vulnerabilities underscores the importance of prompt patching in maintaining the integrity and security of VPN connections.