Authentication vulnerability identified in SonicWall systems, posing an imminent risk of aggressive exploitation
Widespread, active exploitation of the CVE-2024-53704 vulnerability in SonicWall's SonicOS has been reported. This high-severity flaw, with a CVSS score of 8.2, is an improper authentication issue in the SSLVPN, making it a valuable target for cyber attackers [1][3][5].
SonicWall itself has issued warnings about attacks actively exploiting this vulnerability, underscoring its impact and the urgency for affected users to apply necessary patches or mitigations [1][2][5]. The exploitation is ongoing, affecting SonicWall SonicOS users globally [1][2][3].
As of mid-2025, no publicly available reports have explicitly identified the malware groups exploiting this vulnerability [1][2][3][5]. However, Arctic Wolf researchers have previously seen Akira ransomware actors target SSL VPN accounts on SonicWall devices as initial access points for attacks [4].
The vulnerability can allow an attacker to hijack active SSL VPN sessions and gain unauthorized access to a network. An attacker can also read a user's Virtual Office bookmarks, obtain a client configuration profile for NetExtender, access private networks, and conduct other activities through this vulnerability [1][2][3].
To mitigate the risk of compromise, organizations using SonicWall SonicOS are strongly advised to update to the latest firmware versions and apply relevant security patches [6]. The Cybersecurity and Infrastructure Security Agency has added CVE-2024-53704 to its known exploited vulnerabilities catalog [7].
In a related development, SonicWall has also warned about a new critical vulnerability, listed as CVE-2025-23006, in SMA 1000 appliances [8]. The company is urging customers and partners to upgrade their firmware to address both vulnerabilities.
Security researchers have warned that successful exploitation of this vulnerability could lead to disruptions in service availability and the disclosure of confidential information [6]. Bishop Fox researchers released a proof-of-concept for the vulnerability earlier this month [9].
In conclusion, the active and ongoing exploitation of the CVE-2024-53704 vulnerability in SonicWall's SonicOS poses a significant security risk to users worldwide. It is crucial for affected organizations to update their firmware and apply security patches to protect their networks from potential attacks.
- Threat intelligence indicates that the CVE-2024-53704 vulnerability in SonicWall's SonicOS, which is under ongoing exploitation, could potentially be used by ransomware groups like Akira, given their previous targeting of SSL VPN accounts on SonicWall devices.
- Enhanced cybersecurity measures are necessary to safeguard against the vulnerability, considering that an attacker, once successful in exploiting it, can not only hijack SSL VPN sessions but also access private networks, read user bookmarks, and conduct other malicious activities.
- To combat this threat, it's essential for SonicWall SonicOS users to update to the latest firmware versions and apply relevant security patches, as recommended by both SonicWall and the Cybersecurity and Infrastructure Security Agency, to minimize the risk of compromise and potential cyberattacks.