SonicWall has issued a security alert urging users to patch three critical vulnerabilities in its Secure Mobile Access (SMA) appliances, with one of the flaws actively exploited in attacks. These vulnerabilities can allow remote code execution at root level, potentially leading to system compromise. (Affected: SonicWall SMA 200, 210, 400, 410, and 500v devices)
Keypoints :
- SonicWall recommends updating SMA devices to firmware version 10.2.1.15-81sv or later to fix the vulnerabilities.
- The three CVEs (CVE-2025-32819, CVE-2025-32820, CVE-2025-32821) allow attackers to gain remote root access by chaining the flaws.
- A successful exploit can lead to database deletion, admin password reset, and remote code execution as root.
- Threat actors can escalate privileges from a user to administrator, then achieve root-level control on vulnerable appliances.
- SonicWall advises checking logs for suspicious activity, enabling web application firewalls, and implementing MFA for enhanced security.
- Previous vulnerabilities affecting SonicWall SMA appliances have been actively exploited in the wild, highlighting ongoing threats.
- Organizations should remain vigilant and ensure all SMA appliances are patched promptly to prevent potential breaches.