SonicWall has issued a security advisory disclosing three newly identified vulnerabilities in its NetExtender Windows client, a popular VPN tool used by organizations for secure remote access to internal networks.
SonicWall outlined three distinct vulnerabilities affecting NetExtender for Windows versions 10.3.1 and earlier:
CVE-2025-23008 — Improper Privilege Management (CVSS 7.2)
This high-severity flaw allows a low-privileged attacker to modify critical configurations on the client machine. This could be used to re-route VPN connections or weaken security settings, undermining the integrity of secure access mechanisms.
CVE-2025-23009 — Local Privilege Escalation via Arbitrary File Deletion (CVSS 5.9)
A classic privilege escalation vector, this vulnerability allows attackers to delete arbitrary files on the system, potentially triggering elevation of privileges or disruption of services. If exploited, this bug could be chained with other vulnerabilities or used to delete log files, security policies, or other sensitive configurations.
CVE-2025-23010 — Link Following File Access Issue (CVSS 6.5)
This flaw stems from improper handling of symbolic links (symlinks), which attackers can manipulate to redirect file operations to unintended or unauthorized locations. This could allow tampering with system files or redirecting VPN credential handling to attacker-controlled paths.
Affected:
NetExtender Windows (32 and 64 bit): Version 10.3.1 and earlier
Fixed in:
NetExtender Windows (32 and 64 bit): Version 10.3.2 and later
While there is no evidence of active exploitation, the company warns