SonicWall warns about a critical vulnerability in SMA 100 series appliances that could allow remote code execution through an unauthenticated file upload. Threat actors are actively exploiting compromised credentials and deploying malware such as OVERSTEP and Abyss ransomware.
Key points
- SonicWall urges users to patch SMA 100 series devices to fix a critical file upload vulnerability.
- The security flaw (CVE-2025-40599) can be exploited by attackers with administrative privileges.
- Threat actors, including UNC6148, are deploying rootkit malware and ransomware on compromised devices.
- Attackers previously stole credentials through multiple vulnerabilities and are now targeting SMA appliances.
- SonicWall recommends securing devices by reviewing logs, disabling remote access, and enabling multi-factor authentication.