CISA Adds SonicWall Vulnerability to KEV Catalog – 12-17-25

Yesterday CISA announced that it had added a missing authorization vulnerability in the SonicWall SMA to the KEV Catalog. SonicWall issued their advisory on this vulnerability yesterday. They note that the vulnerability was reported by Clément Lecigne and Zander Work of Google Threat Intelligence Group. That advisory also reports that two other unpatched vulnerabilities are necessary for exploitation of the missing authorization vulnerability by unauthorized actors. SonicWall has a new platform hotfix that mitigates this vulnerability.
CISA has required all federal agencies utilizing this SonicWall product to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable”. The deadline for those actions is December 24th, 2025.