CyberSecurity news
Pierluigi Paganini@Security Affairs
SonicWall has released patches to address three significant vulnerabilities impacting its Secure Mobile Access (SMA) 100 series appliances. These flaws, including a potential zero-day, could be chained together by remote attackers to achieve remote code execution. The vulnerabilities affect SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices, highlighting the importance of timely updates to prevent exploitation. Cybersecurity experts are urging administrators to apply the patches immediately to mitigate the risk of unauthorized access and potential system compromise.
The most serious of the vulnerabilities, tracked as CVE-2025-32819, is a high-severity arbitrary file delete bug. This flaw could allow attackers to bypass path traversal checks, enabling arbitrary file deletion and potentially causing a reboot to factory settings. SonicWall noted that this vulnerability may have been exploited in the wild, based on known indicators of compromise. Additionally, CVE-2025-32820, another high-severity vulnerability, could facilitate system overwriting, resulting in a denial-of-service condition. The third vulnerability, CVE-2025-32821, is a medium-severity bug that could enable shell command injection, potentially leading to root-level remote code execution.
The fixes are available in firmware version 10.2.1.15-81sv and higher. SonicWall is strongly advising all users of the SMA 100 series products to update their appliances to the latest firmware to protect their systems from these critical vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has also added SonicWall SMA100 flaws to its Known Exploited Vulnerabilities catalog.