CVE-2025-23009: 
SonicWall NetExtender vulnerability analysis and mitigation

A local privilege escalation vulnerability (CVE-2025-23009) was identified in SonicWall NetExtender Windows client (32 and 64 bit), which allows an attacker to trigger arbitrary file deletion. The vulnerability was disclosed on April 10, 2025, and affects versions 10.3.1 and earlier of the NetExtender Windows client (GBHackers News).

The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (High) with the following vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H. It is categorized under CWE-250 (Execution with Unnecessary Privileges). The vulnerability requires local access and has low complexity for exploitation (NVD).

The vulnerability primarily affects system integrity, allowing attackers with local access to perform arbitrary file deletion on affected systems. The CVSS score of 7.2 indicates a high severity impact on the system's security (GBHackers News).

SonicWall has released version 10.3.2 of the NetExtender Windows client to address this vulnerability. Users are strongly advised to upgrade their NetExtender Windows client to version 10.3.2 or higher. Additionally, it is recommended to implement regular patch management practices and monitor systems for unusual activity (GBHackers News).