
Three Zero-Day Vulnerabilities Discovered in VMware Products
Three zero-day vulnerabilities, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 have been discovered in nearly all VMware products.
Cybereason Consulting Team
A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall’s Secure Mobile Access (SMA) 1000 series appliances. This vulnerability has a CVSS score of 9.8 and has been reported as being actively exploited in the wild as a zero-day vulnerability. It impacts Appliance Management Console (AMC) and Central Management Console (CMC) products, specifically versions 12.4.3-02804 and earlier. If exploited, this vulnerability could allow a remote, unauthenticated attacker to execute arbitrary commands on affected appliances.
This type of SSL VPN appliance that has been impacted is traditionally internet-facing, making it easily accessible and a highly sought after target for threat actors as an intrusion vector. If a threat actor exploits this vulnerability and gains access to the VPN, it could potentially lead to network intrusions, which could later result in data exfiltration, extortion and/or encryption events.
Breaking Down the Advisory
In their advisory, SonicWall states "Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands."
What does this actually mean?
This vulnerability allows threat actors to skip all security checks and gain access by sending a specially crafted "package" that the system mistakenly trusts and runs.
Three zero-day vulnerabilities, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 have been discovered in nearly all VMware products.
A zero-day vulnerability, tracked as CVE-2024-55956, has been discovered in 3 Cleo products and is being exploited by CL0P ransomware group, leading to potential data theft
Three zero-day vulnerabilities, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 have been discovered in nearly all VMware products.
A zero-day vulnerability, tracked as CVE-2024-55956, has been discovered in 3 Cleo products and is being exploited by CL0P ransomware group, leading to potential data theft
Get the latest research, expert insights, and security industry news.
Subscribe