CVE-2025-23007

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 30, 2025

CWE ID 276

CWE ID 269

Summary

CVE-2025-23007 is a newly identified vulnerability affecting the NetExtender Windows client log export function. This issue grants unauthorized access to sensitive Windows system files, possibly enabling privilege escalation. An attacker could exploit this vulnerability by manipulating the log export process, allowing them to bypass security restrictions and access protected system data. The full implications of this vulnerability are still under investigation, but it poses a significant risk to Windows systems running the NetExtender client. Organizations are strongly advised to apply the available patch or workaround to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Sonicwall VPN Netextender

Affected Vendors

SonicWall

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners