Multiple vulnerabilities disclosed in SonicWall NetExtender Windows Client

Summary

Cyble's Security Update Advisory provides a synopsis of the latest vulnerability patches released by various vendors. This advisory discusses multiple vulnerabilities disclosed in SonicWall NetExtender.

Based on the naming standard followed by Common Vulnerabilities and Exposures (CVE) and the severity standard defined by the Common Vulnerability Scoring System (CVSS), vulnerabilities are classified as high, medium, or low.

Vulnerability Details

Improper Privilege Management

CVE-2025-23008
CVSSv3.1: 7.2
Severity: High
Vulnerable Versions: NetExtender Windows (32 and 64-bit) Version 10.3.1 and earlier versions
Description: The affected versions of SonicWall NetExtender Windows (32 and 64-bit) clients are vulnerable to an Improper Privilege Management vulnerability, which allows a low-privileged attacker to modify configurations.
Patch Link: Link

Local Privilege Escalation

CVE-2025-23009
CVSSv3.1: 5.9
Severity: Medium
Vulnerable Versions: NetExtender Windows (32 and 64-bit) Version 10.3.1 and earlier versions
Description: The affected versions of SonicWall NetExtender Windows (32 and 64-bit) clients are vulnerable to a local privilege escalation vulnerability, allowing an attacker to trigger an arbitrary file deletion.
Patch Link: Link

Improper Link Resolution Before File Access ('Link Following')

CVE-2025-23010
CVSSv3.1: 6.5
Severity: Medium
Vulnerable Versions: NetExtender Windows (32 and 64-bit) Version 10.3.1 and earlier versions
Description: The affected versions of SonicWall NetExtender Windows (32 and 64-bit) clients are vulnerable to an Improper Link Resolution Before File Access vulnerability, allowing an attacker to manipulate file paths.
Patch Link: Link

Recommendations

  • Implement the latest patch released by the official vendor: Regularly update all software and hardware systems with the latest patches from official vendors to mitigate vulnerabilities and protect against exploits. Establish a routine schedule for patch application and ensure critical patches are applied immediately.

  • Implement a robust patch management process: Develop a comprehensive patch management strategy that includes inventory management, patch assessment, testing, deployment, and verification. Automate the process where possible to ensure consistency and efficiency.

  • Incident response and recovery plan: Create and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents. Regularly test and update the plan to ensure its effectiveness and alignment with current threats.

  • Monitoring and logging malicious activities across the network: Implement comprehensive monitoring and logging solutions to detect and analyze suspicious activities. Use SIEM (Security Information and Event Management) systems to aggregate and correlate logs for real-time threat detection and response.

  • Mitigate risks associated with End-of-Life (EOL) products: Organizations should proactively identify EOL products in their environment, assess the criticality of each, and plan for timely upgrades or replacements.
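The first step in the patch assessment above is knowing which endpoints still run an affected build. The following PowerShell script is an added example, not part of the advisory or SonicWall's own tooling: it reads the standard Windows Uninstall registry keys and flags any NetExtender client at version 10.3.1 or earlier. It assumes the client registers a DisplayName containing "NetExtender" and a DisplayVersion that begins with a dotted numeric version.

```powershell
# Added example: inventory check for the NetExtender Windows client builds
# named in this advisory (10.3.1 and earlier). Assumes DisplayName contains
# "NetExtender" and DisplayVersion starts with a dotted numeric version.

$LastAffected = [version]'10.3.1'

# Both native and WOW6432Node keys, since the client ships in 32- and 64-bit builds.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-NetExtenderStatus {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*NetExtender*' } |
        ForEach-Object {
            # DisplayVersion may carry a build suffix; keep only the numeric prefix.
            $raw    = [string]$_.DisplayVersion
            $parsed = $null
            $m = [regex]::Match($raw, '^\d+(\.\d+){1,3}')
            if ($m.Success) { $parsed = [version]$m.Value }

            # Unparseable versions are reported as 'unknown' rather than silently passed.
            $status = if ($parsed) { $parsed -le $LastAffected } else { 'unknown' }

            [pscustomobject]@{
                DisplayName = $_.DisplayName
                Version     = $raw
                Vulnerable  = $status
                Advisories  = 'CVE-2025-23008, CVE-2025-23009, CVE-2025-23010'
            }
        }
}

$results = Get-NetExtenderStatus
if (-not $results) {
    Write-Output 'No NetExtender client found in the Uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
    if ($results | Where-Object { $_.Vulnerable -eq $true }) {
        Write-Warning 'Affected NetExtender build detected; apply the vendor patch.'
        exit 1
    }
}
```

The non-zero exit code lets the script be used as a compliance check from a configuration management or RMM tool.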

Conclusion

SonicWall NetExtender is a secure remote access Windows client that enables users to connect to a SonicWall firewall VPN, commonly used in enterprise environments for remote workforce connectivity. Recently, multiple critical vulnerabilities were discovered in NetExtender version 10.3.1 and earlier, including an Improper Privilege Management vulnerability, a Local Privilege Escalation vulnerability, and an Improper Link Resolution Before File Access ('Link Following') issue. These flaws can allow attackers to elevate privileges, manipulate file access, and potentially compromise system integrity. Given the widespread deployment of NetExtender across organizations, urgent patching is strongly recommended to mitigate the risk of exploitation and ensure secure remote access.


Written by

FPT Metrodata Indonesia