Detections
Analytics

CVE-2025-32821

high

Description

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011

https://securityaffairs.com/177626/hacking/sonicwall-fixed-sma-100-flaws-that-could-be-chained-to-execute-arbitrary-code.html

https://cyberscoop.com/sonicwall-exploited-vulnerabilities-surge/

https://www.securityweek.com/possible-zero-day-patched-in-sonicwall-sma-appliances/

https://www.helpnetsecurity.com/2025/05/08/sonicwall-sma100-vulnerability-exploited-cve-2025-32819/

https://www.darkreading.com/endpoint-security/sonicwall-patch-exploit-chain-sma-devices

https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-vpn-flaw-exploited-in-attacks/

https://thehackernews.com/2025/05/sonicwall-patches-3-flaws-in-sma-100.html

Details

Source: Mitre, NVD

Published: 2025-05-07

Updated: 2025-05-08

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

Severity: High

EPSS

EPSS: 0.00052

OSZAR »