- 166/2025
- Critical
SonicWall has released a security update to fix multiple vulnerabilities affecting SMA 100 Series (SMA 210, 410, and 500v).
The addressed vulnerabilities could allow the remote attacker to upload arbitrary files to the system, perform denial of service attacks, execute arbitrary JavaScript code, and conduct a cross-site scripting attack on the affected product.
Sample of the addressed vulnerabilities:
1. SonicWall SMA100 Post-Authentication Arbitrary File Upload Vulnerability (CVE-2025-40599):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. Pre-Authentication Stack-Based Buffer Overflow Vulnerability (CVE-2025- 40596):
- CVSS: 7.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2025-40596
- CVE-2025-40597
- CVE-2025-40598
- CVE-2025-40599
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.