

Ethical Hacking News

SonicWall Patches Critical Flaws in SMA 100 Series Devices to Prevent Remote Code Execution, as Advanced Threat Actors Continue to Exploit Security Vulnerabilities in Secure Mobile Access Appliances



  • SonicWall has issued a critical patch for SMA 100 series devices addressing three security flaws that could be exploited by attackers to gain remote code execution.
  • The first vulnerability (CVE-2025-32819) allows an attacker with access to an SMA SSL-VPN user account to bypass path traversal checks and delete arbitrary files on the appliance.
  • The second vulnerability (CVE-2025-32820) allows an attacker with SSL-VPN user privileges to inject path traversal sequences that make any directory on the appliance writable.
  • The third vulnerability (CVE-2025-32821) allows an attacker with admin privileges to inject shell command arguments to upload files to the appliance.
  • Organizations must prioritize timely installation of security patches to prevent remote code execution attacks, especially after recent vulnerabilities like CVE-2021-20035, CVE-2023-44221, and CVE-2024-38475 have been exploited.



    SonicWall has issued a critical patch for its SMA 100 series devices, addressing three security flaws that could be exploited by attackers to gain remote code execution. The vulnerabilities were discovered through a thorough security analysis conducted by the company's research team.

    The first vulnerability, identified as CVE-2025-32819, is rated at a CVSS score of 8.8, indicating a high level of risk. This flaw allows an attacker with access to an SMA SSL-VPN user account to bypass path traversal checks and delete arbitrary files on the appliance. While this vulnerability may seem innocuous, it could be used in conjunction with other vulnerabilities to elevate privileges and gain root-level access.

    The second vulnerability, CVE-2025-32820, rated at a CVSS score of 8.3, allows an attacker with SSL-VPN user privileges to inject path traversal sequences that make any directory on the appliance writable. This could be used by an attacker to upload malicious code and execute it on the device.

    The third vulnerability, CVE-2025-32821, is rated at a CVSS score of 6.7 and allows an attacker with admin privileges to inject shell command arguments to upload files to the appliance. While this vulnerability has a lower CVSS score than the first two, its impact could still be significant if exploited by a determined attacker.

    According to Rapid7, a cybersecurity company that discovered and reported these vulnerabilities, "An attacker with access to an SMA SSL-VPN user account can chain these vulnerabilities to make a sensitive system directory writable, elevate their privileges to SMA administrator, and write an executable file to a system directory." This chain of events would result in root-level remote code execution.

    In its report, Rapid7 noted that CVE-2025-32819 may have been exploited in the wild as a zero-day based on known indicators of compromise (IoCs) and incident response investigations. However, SonicWall makes no mention of the flaw being weaponized in real-world attacks.

    SonicWall has released patches for these vulnerabilities in version 10.2.1.15-81sv for SMA 100 series devices, including SMA 200, 210, 400, 410, and 500v. The company recommends that users update their appliances to the latest version to ensure optimal protection.
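
As an added example (not code from SonicWall, Rapid7 or this article), the following Python script checks an appliance inventory against the fixed release named above, comparing version fields numerically so that 10.2.1.9 sorts below 10.2.1.15. The version format is assumed from that release string, and the hostnames and sample versions are constructed.

```python
import re

# Fixed release and affected models as stated in the article.
FIXED = "10.2.1.15-81sv"
AFFECTED_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500v"}

# Assumed format: four dotted numbers, a build number, then the "sv" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it does not parse."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(model, firmware):
    """True: below the fixed release. False: patched or model not listed.
    None: version string could not be parsed and needs a manual check."""
    if model not in AFFECTED_MODELS:
        return False
    version = parse_version(firmware)
    if version is None:
        return None
    return version < parse_version(FIXED)


def audit(inventory):
    """Split inventory rows into (hosts to patch, hosts to check by hand)."""
    to_patch, to_review = [], []
    for host, model, firmware in inventory:
        verdict = needs_update(model, firmware)
        if verdict is None:
            to_review.append(host)
        elif verdict:
            to_patch.append(host)
    return to_patch, to_review


# Constructed sample inventory (hostnames, models outside the list and
# version strings are made up for illustration).
SAMPLE = [
    ("vpn-a", "SMA 410", "10.2.1.14-75sv"),
    ("vpn-b", "SMA 210", "10.2.1.15-81sv"),
    ("vpn-c", "SMA 500v", "10.2.1.9-57sv"),
    ("vpn-d", "SMA 400", "unknown"),
    ("vpn-e", "other-gateway", "1.0.0.0-1sv"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
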

    This incident highlights the ongoing importance of patch management in preventing remote code execution attacks on enterprise networks. As multiple security flaws in SMA 100 series devices have come under active exploitation in recent weeks, including CVE-2021-20035, CVE-2023-44221, and CVE-2024-38475, it is essential for organizations to prioritize the timely installation of security patches to prevent such attacks.

    In conclusion, SonicWall's patch for its SMA 100 series devices addresses critical vulnerabilities that could be exploited by attackers to gain remote code execution. As advanced threat actors continue to exploit security weaknesses in secure mobile access appliances, it is crucial for organizations to stay vigilant and prioritize the timely installation of security patches to prevent such attacks.





  • Published: Thu May 8 11:22:36 2025 by llama3.2 3B Q4_K_M












