SonicWall has released security updates addressing three vulnerabilities in its NetExtender VPN client for Windows, rated Medium to High under CVSS 3.1 (none of the three reaches the Critical range, which begins at 9.0).

The flaws, which could potentially allow attackers to escalate privileges and manipulate system files, affect both 32-bit and 64-bit versions of the software prior to version 10.3.2. 

Organizations utilizing the NetExtender client are strongly advised to update their installations immediately to mitigate potential security risks.

SonicWall NetExtender Windows Client Vulnerabilities

The security advisory outlines three distinct vulnerabilities in the NetExtender Windows client:

CVE-2025-23008 is an improper privilege management vulnerability with a CVSS 3.1 base score of 7.2 (High).

This flaw allows a low-privileged local attacker to modify the client's configuration, potentially compromising the security of the host. The vulnerability is classified as CWE-250 (Execution with Unnecessary Privileges).

CVE-2025-23009 is a local privilege escalation vulnerability with a CVSS score of 5.9 (Medium) that enables a local attacker to trigger arbitrary file deletion.

This vulnerability also falls under the CWE-250 classification and could lead to significant system integrity issues if exploited, since a low-privileged user can remove files that only a privileged component should be able to touch.

The third vulnerability, CVE-2025-23010, involves improper link resolution before file access (CWE-59), commonly known as “link following”: a privileged file operation is aimed at a path the attacker controls, and a planted link redirects it to a file the attacker could not otherwise reach.

With a CVSS score of 6.5 (Medium), this vulnerability allows attackers to manipulate file paths, which SonicWall rates as a denial-of-service impact.
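The link-following pattern described above, as an added example that is not SonicWall's code and is not derived from the advisory: a privileged cleanup routine deletes a log file through a directory the user controls, the user swaps that directory for a link, and the delete lands on a protected file. The hardened variant opens each path component with O_NOFOLLOW and unlinks relative to the opened descriptor. The directory names, the `session.log` file name and the scenario are constructed; the demo runs on Linux/macOS (where `dir_fd` is supported), and on Windows the same class of bug is reached through a junction or reparse point rather than a symlink.

```python
"""Link following (CWE-59) in a privileged file operation: vulnerable vs hardened.

Added example, not SonicWall code. Runs on Linux/macOS, where Python's dir_fd and
O_NOFOLLOW are available; the Windows analogue is a junction/reparse point planted
in a user-writable directory and a service that deletes through it.
"""
import errno
import os
import tempfile

LOG_NAME = "session.log"  # constructed: the file the cleanup routine is meant to remove


def naive_cleanup(user_dir: str) -> None:
    """Vulnerable pattern: a privileged routine builds a path through a directory the
    user controls and unlinks it. If the user has replaced 'logs' with a link, the
    kernel resolves that component and the delete lands wherever the link points."""
    os.remove(os.path.join(user_dir, "logs", LOG_NAME))


def hardened_cleanup(user_dir: str) -> None:
    """Hardened pattern: open every directory component with O_NOFOLLOW so a planted
    link is refused instead of followed, then unlink relative to the opened
    descriptor so the path cannot be swapped between the check and the delete."""
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    base_fd = os.open(user_dir, flags)  # in production, derive this from a trusted root
    try:
        try:
            logs_fd = os.open("logs", flags, dir_fd=base_fd)  # ELOOP if 'logs' is a link
        except OSError as e:
            if e.errno in (errno.ELOOP, errno.ENOTDIR):
                raise PermissionError(f"refusing to follow link at {user_dir}/logs") from e
            raise
        try:
            os.unlink(LOG_NAME, dir_fd=logs_fd)
        finally:
            os.close(logs_fd)
    finally:
        os.close(base_fd)


def run_demo() -> dict:
    """Constructed scenario: 'protected' stands in for a directory the low-privileged
    user cannot write to; 'user' is their own directory, in which they replace 'logs'
    with a symlink pointing at 'protected'. Returns what each routine did."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected")
        user_dir = os.path.join(root, "user")
        os.mkdir(protected)
        os.mkdir(user_dir)
        victim = os.path.join(protected, LOG_NAME)
        link = os.path.join(user_dir, "logs")

        def plant_link() -> None:
            with open(victim, "w") as f:
                f.write("must survive\n")
            if os.path.lexists(link):
                os.remove(link)  # removes the link itself, never its target
            os.symlink(protected, link)

        results = {}

        plant_link()
        naive_cleanup(user_dir)
        results["naive_deleted_protected_file"] = not os.path.exists(victim)

        plant_link()
        try:
            hardened_cleanup(user_dir)
            results["hardened_refused"] = False
        except PermissionError:
            results["hardened_refused"] = True
        results["hardened_deleted_protected_file"] = not os.path.exists(victim)

        # Control: with a genuine 'logs' directory the hardened routine still works.
        os.remove(link)
        os.mkdir(link)
        legit = os.path.join(link, LOG_NAME)
        with open(legit, "w") as f:
            f.write("stale log\n")
        hardened_cleanup(user_dir)
        results["hardened_deleted_legit_log"] = not os.path.exists(legit)
        return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The refusal in `hardened_cleanup` is deliberate: a privileged component that finds a link where it expects a directory should stop and log, not fall back to resolving the path, because the attacker chose the link's target. Opening by descriptor also closes the time-of-check/time-of-use window that a separate `lstat` check would leave open.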

Security researchers Robert Janzen of Copperleaf Technologies, who identified CVE-2025-23008, and Hayden Wright, who discovered CVE-2025-23009 and CVE-2025-23010, responsibly disclosed the vulnerabilities.

The summary of the vulnerabilities is given below (CVSS 3.1 base scores; all three require local access to the Windows host with valid credentials):

CVE-2025-23008
  Affected product: NetExtender Windows (32- and 64-bit)
  Impact: Improper Privilege Management
  Exploit prerequisites: Local access with authentication credentials
  CVSS 3.1 score: 7.2 (High)

CVE-2025-23009
  Affected product: NetExtender Windows (32- and 64-bit)
  Impact: Local Privilege Escalation
  Exploit prerequisites: Local access with authentication credentials
  CVSS 3.1 score: 5.9 (Medium)

CVE-2025-23010
  Affected product: NetExtender Windows (32- and 64-bit)
  Impact: Improper Link Resolution, leading to denial of service
  Exploit prerequisites: Local access with authentication credentials
  CVSS 3.1 score: 6.5 (Medium)

Affected Systems and Remediation

The security flaws impact all NetExtender Windows client installations (both 32-bit and 64-bit) version 10.3.1 and earlier. 

SonicWall’s Linux-based NetExtender clients remain unaffected by these vulnerabilities. Code for the vulnerable components includes the client’s privilege management system:

SonicWall has addressed these issues in NetExtender Windows client version 10.3.2, which now includes proper privilege checks, secure path handling, and additional safeguards against link-following attacks.

SonicWall emphasized in their advisory that there is currently no evidence of these vulnerabilities being exploited in the wild.

However, as a precautionary measure, they strongly advise all users to upgrade to version 10.3.2 or higher.

For organizations unable to update immediately, note that all three flaws require local access to the Windows host with valid credentials. Restricting who can log on interactively to machines running NetExtender and applying the principle of least privilege to local accounts reduces exposure until the patch is deployed; network segmentation does not prevent a local privilege escalation, although it still limits what a compromised host can reach.

Administrators should visit the official SonicWall support portal to download the latest NetExtender client with these security fixes and verify digital signatures before deployment.
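A fleet-side check for the remediation steps above, added here as an example and not SonicWall tooling: it flags installations below 10.3.2 and asks PowerShell for the Authenticode status of a downloaded installer before it is pushed out. Assumptions, none of which the advisory states: the client registers a Windows uninstall entry whose DisplayName contains "NetExtender" and whose DisplayVersion is a dotted numeric string, as Windows installers conventionally do. The registry and signature calls only run on Windows; the version comparison is platform-independent.

```python
"""Version gate and installer signature check for the NetExtender Windows client.

Added example, not SonicWall tooling. Assumes (not stated in the advisory) that the
client's uninstall entry has a DisplayName containing "NetExtender" and a dotted
numeric DisplayVersion. Registry and PowerShell calls run on Windows only.
"""
import re
import subprocess
import sys

FIXED_VERSION = (10, 3, 2)  # from the SonicWall advisory: fixed in 10.3.2

UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    # 32-bit client installed on 64-bit Windows registers under the WOW6432Node view
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)


def parse_version(text: str) -> tuple[int, ...]:
    """'10.3.1' -> (10, 3, 1); non-numeric suffixes such as ' (build 5)' are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def needs_update(display_version: str) -> bool:
    """True when the installed version is older than 10.3.2, i.e. 10.3.1 and earlier.
    An unparseable (empty) version compares as older, so unknown installs are flagged."""
    return parse_version(display_version) < FIXED_VERSION


def installed_netextender_versions() -> list[tuple[str, str]]:
    """Returns (DisplayName, DisplayVersion) for every uninstall entry mentioning
    NetExtender, in both the native and WOW6432Node views. Empty on non-Windows hosts."""
    if sys.platform != "win32":
        return []
    import winreg  # Windows-only module, imported lazily

    found = []
    for root in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for path in UNINSTALL_KEYS:
            try:
                key = winreg.OpenKey(root, path)
            except OSError:
                continue
            with key:
                index = 0
                while True:
                    try:
                        sub = winreg.EnumKey(key, index)
                    except OSError:
                        break  # no more subkeys
                    index += 1
                    try:
                        with winreg.OpenKey(key, sub) as entry:
                            name = winreg.QueryValueEx(entry, "DisplayName")[0]
                            version = winreg.QueryValueEx(entry, "DisplayVersion")[0]
                    except OSError:
                        continue  # entry lacks one of the values
                    if "netextender" in str(name).lower():
                        found.append((str(name), str(version)))
    return found


def installer_signature_status(path: str) -> str:
    """Asks PowerShell for the Authenticode status of a downloaded installer
    ('Valid', 'NotSigned', 'HashMismatch', ...). Windows only."""
    literal = path.replace("'", "''")  # escape for a single-quoted PowerShell string
    out = subprocess.run(
        ["powershell.exe", "-NoProfile", "-Command",
         f"(Get-AuthenticodeSignature -LiteralPath '{literal}').Status"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    hits = installed_netextender_versions()
    if not hits:
        print("no NetExtender uninstall entry found (or not running on Windows)")
    for name, version in hits:
        state = "UPDATE REQUIRED" if needs_update(version) else "ok"
        print(f"{name} {version}: {state}")
```

A `Valid` status only proves the file is intact and signed by a chain Windows trusts; check that the signer's subject is SonicWall's before deploying, since a validly signed file from another publisher would pass the same test.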
