SonicWall Fixes Three Vulnerabilities in SMA 100 Devices That Enable Attackers to Execute Root Code

SonicWall Addresses Critical Vulnerabilities in SMA 100 Series Devices

SonicWall has released patches for three vulnerabilities in its SMA 100 Series Secure Mobile Access (SMA) appliances. Chained together, the flaws can lead to remote code execution, posing a major security risk for affected users.

The vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. CVE-2025-32819 (CVSS 8.8) allows an authenticated attacker with SSL-VPN user privileges to bypass the appliance's path traversal checks and delete arbitrary files, which can reset the device to factory defaults. CVE-2025-32820 (CVSS 8.3) allows the same class of attacker to make any directory on the SMA device writable. CVE-2025-32821 (CVSS 6.7) allows an SSL-VPN admin to upload files to the appliance through a shell command injection.

According to Rapid7, an attacker could chain these vulnerabilities to gain elevated privileges, modify sensitive system directories, and execute malicious scripts, resulting in root-level remote code execution and a much broader compromise if the flaws are left unpatched.

CVE-2025-32819 appears to be a patch bypass for a flaw previously disclosed by NCC Group in December 2021. Rapid7 reports indications, in the form of known indicators of compromise, that the vulnerability may have been exploited in the wild. SonicWall itself has not stated that the flaw has been exploited in real-world attacks.

The vulnerabilities affect SMA 100 Series models including the SMA 200, 210, 400, 410, and 500v. Users should apply the latest firmware, version 10.2.1.15-81sv, which addresses all three weaknesses.

In recent weeks SMA 100 Series devices have been actively targeted through other vulnerabilities as well, including CVE-2021-20035, CVE-2023-44221, and CVE-2024-38475. Organizations running these appliances are strongly advised to review their systems and upgrade to the latest version to reduce risk.

To understand the tactics behind these vulnerabilities, organizations may refer to the MITRE ATT&CK framework. Techniques that could be leveraged in attacks of this kind include initial access through valid accounts, persistence via file system modifications, and privilege escalation through manipulation of directory access controls. Given the severity of these flaws, proactive vigilance is essential.

Organizations should remain alert and responsive, apply the necessary updates promptly, and foster a culture of cybersecurity awareness to safeguard their operations against breaches.