SonicWall has released patches to fix a critical vulnerability (CVE-2025-40599) in its SMA 100 series gateways, which could allow remote file uploads and code execution. Despite no current evidence of exploitation, warnings have been issued due to recent Overstep malware attacks targeting affected appliances. #CVE-2025-40599 #OverstepMalware
Keypoints
- SonicWall addressed a critical zero-day vulnerability in SMA 100 series devices.
- The flaw involves an arbitrary file upload via the web management interface, risking remote code execution.
- Attackers exploited compromised admin credentials used in Overstep malware campaigns.
- Organizations are advised to apply patches, monitor IoCs, and implement backup and recovery procedures.
- Additional patches fix vulnerabilities related to buffer overflows and XSS, with no evidence of active exploitation.