- 97/2025
- High
SonicWall has released a security update to fix Multiple vulnerabilities affecting SonicWall SMA 100 Series (SMA 200, 210, 400, 410, 500v).
The addressed vulnerabilities could allow the remote authenticated attacker to bypass path checks and delete files potentially resulting in a reboot to factory defaults, or inject shell command arguments to upload a file on the affected appliance.
Sample of the addressed vulnerabilities:
1. SonicWall SSLVPN User Arbitrary File Delete Vulnerability (CVE-2025-32819):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
2. SonicWall SSLVPN Admin Remote Command Injection Vulnerability (CVE-2025-32821):
- CVSS: 6.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: File Manipulation
Vulnerabilities
- CVE-2025-32819
- CVE-2025-32820
- CVE-2025-32821
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.