CVE-2025-23010

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006

Configurations

No configuration.

History

17 Apr 2025, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.2

11 Apr 2025, 15:39

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de resolución de enlace incorrecta antes del acceso a archivos ('Seguimiento de enlace') en el cliente Windows (32 y 64 bits) de SonicWall NetExtender que permite a un atacante manipular las rutas de archivos.

10 Apr 2025, 20:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

10 Apr 2025, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-10 19:16

Updated : 2025-04-17 16:15

NVD link : CVE-2025-23010

Mitre link : CVE-2025-23010

CVE.ORG link : CVE-2025-23010

JSON object : View

Products Affected

No product.

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

7.2 /10