SonicWall Addresses Critical Vulnerabilities in SMA 100 Devices Enabling Elevated Code Execution by Malicious Actors

SonicWall has released critical patches for three security vulnerabilities in its SMA 100 Secure Mobile Access (SMA) appliances that could potentially enable remote code execution.

Vulnerabilities Overview

The following vulnerabilities have been identified:

CVE-2025-32819 (CVSS score: 8.8): This vulnerability allows a remote authenticated attacker with SSL-VPN user privileges to circumvent path traversal checks, enabling the deletion of arbitrary files and potentially reverting the appliance to factory settings.

CVE-2025-32820 (CVSS score: 8.3): A vulnerability that permits a remote authenticated attacker with SSL-VPN user privileges to inject a path traversal sequence, thereby allowing any directory on the SMA appliance to be made writable.

CVE-2025-32821 (CVSS score: 6.7): This flaw allows a remote authenticated attacker with SSL-VPN admin privileges to inject shell command arguments, facilitating file uploads directly to the appliance.

As highlighted in a report by Rapid7, an attacker with access to an SMA SSL-VPN user account can exploit these vulnerabilities in concert to alter permissions on sensitive system directories, escalate their privileges to SMA administrator level, and upload executable files to a system directory. Such actions ultimately lead to root-level remote code execution.

History and Exploitation

CVE-2025-32819 is considered a patch bypass for a previously identified flaw reported by NCC Group in December 2021. Rapid7’s analysis indicates that CVE-2025-32819 may have already been exploited in the wild as a zero-day, based on known indicators of compromise (IoCs) and incident response investigations. However, SonicWall has not confirmed any instances of the flaw being actively weaponized in real-world attacks.

The vulnerabilities impact various models within the SMA 100 Series, including the SMA 200, 210, 400, 410, and 500v. These issues have been addressed in version 10.2.1.15-81sv.

The emergence of these vulnerabilities comes at a time when multiple security flaws in SMA 100 Series devices, such as CVE-2021-20035, CVE-2023-44221, and CVE-2024-38475, have been actively exploited in recent weeks. Users are strongly advised to update their systems to the latest version to ensure robust protection against potential threats.
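
The following inventory check is an added example, not code from SonicWall or Rapid7: it flags appliances from the model list above that run a build below the fixed version 10.2.1.15-81sv. The hostnames and sample versions are constructed, and treating any build that sorts numerically below the fixed one as unpatched is an assumption.

```python
import re

# Values taken from the article above.
FIXED_VERSION = "10.2.1.15-81sv"
AFFECTED_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500v"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Turn '10.2.1.15-81sv' into the comparable tuple (10, 2, 1, 15, 81)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(inventory):
    """Map each hostname in (hostname, model, version) rows to a status.

    Assumption: a build that sorts numerically below FIXED_VERSION lacks the fixes.
    """
    fixed = parse_version(FIXED_VERSION)
    results = {}
    for hostname, model, version in inventory:
        if model.strip() not in AFFECTED_MODELS:
            # The article's model list may not be exhaustive, so only say "not listed".
            results[hostname] = "model-not-listed"
            continue
        try:
            current = parse_version(version)
        except ValueError:
            # Fail closed: an unreadable version needs a manual check.
            results[hostname] = "unknown-version"
            continue
        results[hostname] = "patched" if current >= fixed else "needs-update"
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "SMA 410", "10.2.1.14-75sv"),
    ("vpn-edge-02", "SMA 200", "10.2.1.9-57sv"),  # a plain string compare would rank this above .15
    ("vpn-lab-01", "SMA 500v", "10.2.1.15-81sv"),
    ("vpn-lab-02", "SMA 210", "unknown"),
    ("fw-core-01", "other-appliance", "1.0"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
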