CVE-2025-23010

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
sonicwallCNA
---
---
CISA-ADPADP
7.2 HIGH
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Common Weakness Enumeration
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006