CyberSecurity news
@securityonline.info
SonicWall is urging administrators to immediately patch their Secure Mobile Access (SMA) 100 series appliances due to the discovery of three security vulnerabilities, one of which is being actively exploited in attacks. These vulnerabilities could allow a remote attacker to execute code as root, potentially leading to a complete system compromise. The affected devices include SMA 200, 210, 400, 410, and 500v models.
The three vulnerabilities, identified as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821, involve post-authentication flaws that can be chained together. An attacker with SSL-VPN user privileges could bypass path traversal checks to delete arbitrary files (CVE-2025-32819), potentially causing a factory reset. They could also inject a path traversal sequence to make any directory on the SMA appliance writable (CVE-2025-32820). Furthermore, an attacker with admin privileges could inject shell command arguments to upload a file on the appliance (CVE-2025-32821). Rapid7 noted that exploiting these vulnerabilities in sequence can elevate privileges to SMA administrator and write an executable file to a system directory, resulting in root-level remote code execution.
The vulnerabilities have been addressed in firmware version 10.2.1.15-81sv and higher. SonicWall strongly advises users to upgrade to this version as soon as possible. As a precautionary measure, SonicWall also recommends enabling multifactor authentication (MFA) to protect against credential theft and resetting passwords for users who have logged in via the web interface. The company also advises enabling WAF on SMA100. These additional steps can help mitigate the risk even before the patch is applied.
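The firmware check described above can be run across an appliance inventory. The following Python is an added example, not code from SonicWall or the cited reports; the `<dotted version>-<build>sv` string layout, the inventory rows, and the function names are assumptions made for illustration.

```python
import re

# Fixed release and affected models as stated in the article above.
FIXED = "10.2.1.15-81sv"
AFFECTED_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500v"}

# Assumed firmware string layout: dotted numeric version, "-", build number, "sv".
_FW_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)sv$")


def parse_firmware(text):
    """Return ((major, minor, ...), build) for comparison, or None if unparseable."""
    m = _FW_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))


def triage(inventory):
    """Map each host to 'patched', 'vulnerable', 'unknown' or 'out-of-scope'."""
    fixed = parse_firmware(FIXED)
    result = {}
    for host, model, firmware in inventory:
        if model not in AFFECTED_MODELS:
            result[host] = "out-of-scope"   # model not listed in the article
            continue
        parsed = parse_firmware(firmware)
        if parsed is None:
            result[host] = "unknown"        # unreadable version: review by hand
        elif parsed >= fixed:
            result[host] = "patched"
        else:
            result[host] = "vulnerable"
    return result


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE = [
    ("vpn-edge-1", "SMA 410", "10.2.1.14-75sv"),   # older version
    ("vpn-edge-2", "SMA 210", "10.2.1.15-81sv"),   # exactly the fixed release
    ("vpn-edge-3", "SMA 500v", "10.2.1.15-80sv"),  # same version, older build
    ("vpn-edge-4", "SMA 400", "n/a"),              # inventory gap
    ("vpn-edge-5", "OTHER-MODEL", "1.0.0.0-1sv"),  # not an SMA 100 series model
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until their firmware version is confirmed on the appliance itself.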