CVE-2025-23010

Published: Apr 10, 2025Modified: Apr 17, 2025

7.2

Vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 6.0

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (1)

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006

Source: PSIRT@sonicwall.com

Timeline

No history available yet.