Security researchers Robert Janzen of Copperleaf Technologies, who identified CVE-2025-23008, and Hayden Wright, who discovered CVE-2025-23009 and CVE-2025-23010, responsibly disclosed the vulnerabilities. One flaw allows low-privileged attackers to modify configurations, potentially compromising system security. Another, with a CVSS score of 6.5, allows attackers to manipulate file paths, potentially leading to system availability issues. A further vulnerability also falls under the CWE-250 classification and could lead to significant system integrity issues if exploited.

SonicWall has addressed these issues in NetExtender Windows client version 10.3.2, which now includes proper privilege checks, secure path handling, and additional safeguards against link-following attacks.

Organizations utilizing the NetExtender client are strongly advised to update their installations immediately to mitigate potential security risks. Administrators should visit the official SonicWall support portal to download the latest NetExtender client with these security fixes and verify digital signatures before deployment. For organizations unable to update immediately, security experts recommend implementing network segmentation and applying the principle of least privilege to minimize potential attack surfaces until patches can be deployed.
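
The update and signature-verification advice above can be scripted on a Windows endpoint. The following PowerShell is an added example, not code from the article or from SonicWall; the installer path, the expected signer string and the uninstall-registry display-name pattern are assumptions to adjust for your environment.

```powershell
# Added example, not SonicWall's tooling. The installer path, signer string and
# display-name pattern are assumptions; 10.3.2 is the fixed version named above.
param(
    [string]$InstallerPath  = 'C:\Staging\NetExtender-installer.msi',  # placeholder
    [string]$ExpectedSigner = 'SonicWall',                             # assumed subject substring
    [version]$FixedVersion  = '10.3.2'
)

function Test-InstallerSignature {
    param([string]$Path, [string]$Signer)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Only 'Valid' passes; NotSigned, HashMismatch, NotTrusted and the rest fail.
    if ($sig.Status -ne 'Valid') { return $false }
    return $sig.SignerCertificate.Subject -like "*$Signer*"
}

function Get-NetExtenderInstall {
    # Per-machine uninstall entries, 64-bit and 32-bit views.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*NetExtender*' } |
        Select-Object DisplayName, DisplayVersion
}

foreach ($app in Get-NetExtenderInstall) {
    $installed = $null
    if (-not [version]::TryParse([string]$app.DisplayVersion, [ref]$installed)) {
        Write-Warning ("{0}: cannot parse version '{1}'" -f $app.DisplayName, $app.DisplayVersion)
    } elseif ($installed -lt $FixedVersion) {
        Write-Output ("{0} {1} is older than {2}, update required" -f $app.DisplayName, $installed, $FixedVersion)
    } else {
        Write-Output ("{0} {1} is at or above {2}" -f $app.DisplayName, $installed, $FixedVersion)
    }
}

if (-not (Test-Path -LiteralPath $InstallerPath)) {
    Write-Warning "Installer not found at $InstallerPath"
} elseif (Test-InstallerSignature -Path $InstallerPath -Signer $ExpectedSigner) {
    Write-Output "Signature valid and signer matches, OK to deploy"
} else {
    Write-Error "Signature check failed, do not deploy $InstallerPath"
}
```

Matching on a subject substring is a minimum bar; comparing the signer certificate against a thumbprint obtained from the vendor is a stricter check.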
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 10 Apr 2025 13:20:13 +0000