Possible Zero-Day Patched in SonicWall SMA Appliances

SonicWall has released patches addressing three critical vulnerabilities in its SMA 100 series appliances that could allow remote code execution and privilege escalation. Malicious actors could exploit these flaws to delete files, overwrite system data, or escalate privileges to gain root access. (Affected: SonicWall SMA 100 series appliances)

Key points:

  • An authenticated attacker can exploit CVE-2025-32819 to delete arbitrary files, potentially causing the system to reboot to factory defaults.
  • CVE-2025-32819 has been exploited as a zero-day in the wild, with attackers bypassing patch protections using low-privilege sessions.
  • CVE-2025-32820 allows remote attackers to make directories writable and overwrite files, leading to persistent DoS conditions.
  • CVE-2025-32821 enables authenticated attackers to upload files and exfiltrate sensitive data, with potential privilege escalation to root.
  • Successful chaining of these vulnerabilities can allow attackers to achieve root-level remote code execution on affected appliances.
  • SonicWall recommends updating to software version 10.2.1.15-81sv to mitigate these security risks.
  • Rapid7 has indicated that these vulnerabilities are of high severity and have been exploited in active attacks in some cases.

Read More: https://www.securityweek.com/possible-zero-day-patched-in-sonicwall-sma-appliances/