SonicWall has released critical patches to rectify three security vulnerabilities that affect the SMA 100 Secure Mobile Access (SMA) appliances, which could potentially enable remote code execution.<\/p>\n
The following vulnerabilities have been identified:<\/p>\n
– CVE-2025-32819<\/strong> (CVSS score: 8.8): This vulnerability allows a remote authenticated attacker with SSL-VPN user privileges to circumvent path traversal checks, enabling the deletion of arbitrary files and potentially reverting the appliance to factory settings.<\/p>\n – CVE-2025-32820<\/strong> (CVSS score: 8.3): A vulnerability that permits a remote authenticated attacker with SSL-VPN user privileges to inject a path traversal sequence, thereby allowing any directory on the SMA appliance to be made writable.<\/p>\n – CVE-2025-32821<\/strong> (CVSS score: 6.7): This flaw allows a remote authenticated attacker with SSL-VPN admin privileges to inject shell command arguments, facilitating file uploads directly to the appliance.<\/p>\n As highlighted in a report by Rapid7, an attacker with access to an SMA SSL-VPN user account can exploit these vulnerabilities in concert to alter permissions on sensitive system directories, escalate their privileges to SMA administrator level, and upload executable files to a system directory. Such actions ultimately lead to root-level remote code execution.<\/p>\n CVE-2025-32819 is considered a patch bypass for a previously identified flaw reported by NCC Group in December 2021. Rapid7’s analysis indicates that CVE-2025-32819 may have already been exploited in the wild as a zero-day, based on known indicators of compromise (IoCs) and incident response investigations. However, SonicWall has not confirmed any instances of the flaw being actively weaponized in real-world attacks.<\/p>\n The vulnerabilities impact various models within the SMA 100 Series, including the SMA 200, 210, 400, 410, and 500v. These issues have been addressed in version 10.2.1.15-81sv.<\/p>\n The emergence of these vulnerabilities comes at a time when multiple security flaws in SMA 100 Series devices, such as CVE-2021-20035, CVE-2023-44221, and CVE-2024-38475, have been actively exploited in recent weeks. Users are strongly advised to update their systems to the latest version to ensure robust protection against potential threats.<\/p>\n","protected":false},"excerpt":{"rendered":" SonicWall has released critical patches to rectify three security vulnerabilities that affect the SMA 100 Secure Mobile Access (SMA) appliances,…<\/p>\n","protected":false},"author":1,"featured_media":778,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[28],"tags":[144,167,148],"class_list":["post-777","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-exploitation","tag-patches","tag-vulnerabilities"],"acf":[],"yoast_head":"\nHistory and Exploitation<\/h3>\n