SonicWall urges users of specific SMA 100 Series devices to patch a critical vulnerability, CVE-2025-40599, immediately to prevent potential remote code execution. Although there is no current evidence of active exploitation, an ongoing campaign involving a backdoor delivery mechanism and a zero-day vulnerability highlights the importance of timely updates. #CVE-2025-40599 #OVERSTEP #SonicWall
Key points
- SonicWall recommends immediate patching of affected SMA 210, 410, and 500v devices.
- The vulnerability allows remote attackers with admin privileges to upload arbitrary files and execute code.
- An active campaign has been delivering the OVERSTEP backdoor to end-of-life SMA devices for over six months.
- Users should review logs, disable remote management, reset passwords, and enforce MFA after updating.
- Impact is limited to specific SMA appliances; SonicWall SSL VPN products are unaffected.