The SonicBoom attack chain exemplifies the risks posed by overlooked authentication gaps and insecure file handling in enterprise appliances. This sophisticated multi-stage exploit leverages a combination of pre-authentication vulnerabilities, arbitrary file write, and server-side request forgery (SSRF) to achieve full system compromise.

According to watchTowr reports, the SonicBoom chain exploits flaws in the authentication and file handling mechanisms of targeted appliances. The vulnerable code concatenates request parameters into URLs and file paths without proper sanitization, enabling SSRF and path traversal attacks. SonicWall SMA: Multiple CVEs, including CVE-2025-23006 and CVE-2024-38475, have been exploited in the wild, allowing pre-authentication remote code execution and admin takeover.

The appliance downloads a ZIP file from the attacker's server, then writes and extracts its contents into directories accessible by the web server. The attack is further facilitated by path traversal in the servicePack parameter, enabling writes to unintended directories. This grants full administrative access, allowing the attacker to install programs, exfiltrate data, or further pivot within the network.
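A hardened counterpart to the file handling described above, as an added example that is not code from watchTowr, SonicWall or the original article: it treats a `servicePack`-style parameter as an untrusted file name and refuses archive members that would resolve outside the extraction directory. The function names, the naming pattern and the directory layout are assumptions made for illustration.

```python
import io
import re
import zipfile
from pathlib import Path

# Assumption: legitimate service pack names are plain file names like "sp-10.2.1.zip".
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.zip")


def resolve_service_pack(staging_dir: Path, service_pack: str) -> Path:
    """Map the untrusted parameter to a path that must sit directly in staging_dir."""
    if not SAFE_NAME.fullmatch(service_pack):
        raise ValueError("service pack name rejected")
    base = staging_dir.resolve()
    target = (base / service_pack).resolve()
    if target.parent != base:  # defence in depth, e.g. against symlinks
        raise ValueError("service pack path escapes staging directory")
    return target


def safe_extract(archive: bytes, dest_dir: Path) -> list[str]:
    """Extract only if every member resolves under dest_dir (all or nothing)."""
    base = dest_dir.resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
        # Validate every member before the first write.
        for m in members:
            if not (base / m.filename).resolve().is_relative_to(base):
                raise ValueError(f"archive member escapes destination: {m.filename!r}")
        for m in members:
            target = (base / m.filename).resolve()
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(m))
            written.append(str(target.relative_to(base)))
    return written


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory for exercising safe_extract."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

The extraction directory should also sit outside any path the web server serves or executes from, so that a file which passes these checks is still not reachable as web content.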
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 05 May 2025 08:55:06 +0000