Multi Vulnerabilities Found in SonicWall SMA 100 Series Prompt Urgent Security Update

SonicWall has released a security advisory detailing multiple vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products. The advisory highlights three significant post-authentication vulnerabilities that could allow attackers to compromise affected systems.

The advisory outlines the following key vulnerabilities:

• CVE-2025-32819: Post-Authentication SSLVPN user arbitrary file delete vulnerability. This vulnerability allows a remote authenticated attacker with SSLVPN user privileges to bypass path traversal checks and delete arbitrary files. This could lead to a reboot to factory default settings, causing significant disruption. This vulnerability has a CVSS score of 8.8, indicating a high level of severity.

• CVE-2025-32820: Post-Authentication SSLVPN user Path Traversal vulnerability. This vulnerability enables a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence, making any directory on the SMA appliance writable. This vulnerability has a CVSS score of 8.3.

• CVE-2025-32821: Post-Authentication SSLVPN admin remote command injection vulnerability. This vulnerability allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. This vulnerability has a CVSS score of 6.7.

The vulnerabilities affect the following SonicWall SMA 100 series products: SMA 200, 210, 400, 410, and 500v, specifically those running versions 10.2.1.14-75sv and earlier. It is important to note that “SonicWall SSL VPN SMA1000 series products are not affected by these vulnerabilities.”

SonicWall strongly advises users of the affected SMA 100 series products to upgrade to the fixed release version to address these vulnerabilities. The fixed version is 10.2.1.15-81sv and higher.

In addition to upgrading, SonicWall recommends the following workaround as a safety measure:

• Enable multifactor authentication (MFA): SonicWall emphasizes that “MFA has an invaluable safeguard against credential theft and is a key measure of good security posture.” The advisory further clarifies that “MFA is effective whether it is enabled on the appliance directly or on the directory service in your organization.”
• Enable WAF on SMA100.
• Reset Passwords: Reset the passwords for any users who may have logged into the device via the web interface.

Related Posts:

• Netgear Patches Multiple Vulnerabilities in CAX30, XR1000, and R7000 Routers
• Multiple Vulnerabilities in SonicWall SMA 100 Could Lead to Remote Code Execution
• Akira Ransomware Exploits SonicWall SSLVPN Flaw (CVE-2024-40766)
• SonicWall Confirms Active Exploitation of SMA 100 Vulnerabilities – Urges Immediate Patching
• SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475