SonicWall Releases Security Updates for NetExtender Windows Client, Addresses High-Severity Vulnerability
SonicWall has issued patches for three security vulnerabilities in its NetExtender VPN client for Windows, including a high-severity flaw that could allow attackers to alter application configurations.
NetExtender, which uses SSL to create secure connections for remote users to access enterprise networks, was found to contain a vulnerability tracked as CVE-2025-23008. This high-severity issue, carrying a CVSS score of 7.2, stems from improper privilege management and could be exploited by authenticated users to modify the client’s settings. The vulnerability affects both 32-bit and 64-bit versions of the software.
With the release of NetExtender Windows version 10.3.2, SonicWall also patched two medium-severity bugs: CVE-2025-23009, which could lead to arbitrary file deletion, and CVE-2025-23010, which enables file path manipulation.
The vulnerabilities are limited to the Windows version of NetExtender, with the Linux client remaining unaffected.
SonicWall stated that there is no evidence these bugs have been exploited in the wild. However, the company urges all users of the NetExtender Windows client to upgrade to the latest version to mitigate potential risks.
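As an added example (not from SonicWall or the original article), the following Python sketch triages a software inventory export against the fixed release 10.3.2, comparing versions numerically so that a build such as 10.3.10 is not mistaken for an older one. The CSV columns, hostnames and version strings are constructed for illustration, and it assumes any Windows build lower than 10.3.2 still needs the update.

```python
import csv
import io

FIXED = (10, 3, 2)  # patched NetExtender Windows release named in the article

# Constructed sample inventory export (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,os,product,version
wks-001,Windows,NetExtender,10.3.1
wks-002,Windows,NetExtender,10.3.2
wks-003,Windows,NetExtender,10.2.341
lnx-004,Linux,NetExtender,10.2.850
wks-005,Windows,NetExtender,10.3.10
wks-006,Windows,NetExtender,unknown
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not a dotted version."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(csv_text, fixed=FIXED):
    """Sort hosts into 'needs_update', 'ok' and 'review' (unparseable version)."""
    result = {"needs_update": [], "ok": [], "review": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"].strip().lower() != "netextender":
            continue
        if row["os"].strip().lower() != "windows":
            # The article states the Linux client is unaffected.
            result["ok"].append(row["host"])
            continue
        version = parse_version(row["version"])
        if version is None:
            # Never guess: an unreadable version goes to manual review.
            result["review"].append(row["host"])
        elif version < fixed:
            result["needs_update"].append(row["host"])
        else:
            result["ok"].append(row["host"])
    return result

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts whose version string cannot be parsed land in the review bucket rather than being counted as patched.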
Despite the current lack of active exploitation, SonicWall products have been targeted in the past. Earlier this year, two separate vulnerabilities—CVE-2025-23006 (a zero-day remote code execution bug in Secure Mobile Access) and CVE-2024-53704 (an authentication bypass in SonicWall firewalls)—were actively exploited, highlighting the importance of timely patching.