Sunday, January 18, 2026

SonicWall SMA 100 Vulnerabilities Allow Attackers to Execute Arbitrary JavaScript Code

SonicWall has disclosed multiple critical security vulnerabilities affecting its SMA 100 series products that could allow remote attackers to execute arbitrary code without authentication.

The security vulnerabilities, tracked as CVE-2025-40596, CVE-2025-40597, and CVE-2025-40598, impact the SMA 210, 410, and 500v models running firmware version 10.2.1.15-81sv and earlier.

These vulnerabilities represent a significant security risk for organizations relying on SonicWall’s secure mobile access solutions for remote connectivity.

Security researchers at watchTowr, led by Sina Kheirkhah, discovered three distinct vulnerabilities within the SMA 100 series web interface that pose serious threats to network security.

The most concerning aspect of these vulnerabilities is their pre-authentication nature, meaning attackers can exploit them without valid credentials or prior system access.

Two of the vulnerabilities involve buffer overflow conditions that could lead to complete system compromise, while the third enables cross-site scripting attacks that allow arbitrary JavaScript execution in users’ browsers.

The buffer overflow vulnerabilities carry a CVSS score of 7.3, indicating high severity, while the cross-site scripting vulnerability scores 6.3 on the CVSS scale.

All three vulnerabilities can be exploited remotely over the network with low attack complexity, making them particularly attractive targets for malicious actors.

The discovery of these vulnerabilities highlights the ongoing security challenges facing network appliance manufacturers as they balance functionality with robust security controls.

SonicWall SMA 100 Vulnerabilities

CVE-2025-40596 represents a stack-based buffer overflow vulnerability that could allow remote attackers to cause denial of service conditions or potentially achieve code execution on affected systems.

This type of vulnerability occurs when input data exceeds the allocated buffer space on the system stack, potentially overwriting adjacent memory locations and corrupting program execution flow.

Similarly, CVE-2025-40597 involves a heap-based buffer overflow that presents comparable risks through different memory management mechanisms.

Both buffer overflow conditions share the same CVSS vector, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, indicating they can be exploited over the network without authentication or user interaction.

The successful exploitation of these vulnerabilities could result in unauthorized access to sensitive information, system modification capabilities, or complete system unavailability.

Organizations using affected SMA 100 series devices face immediate risks of system compromise, data breaches, and service disruptions until appropriate patches are applied.

Security Measures Recommended

SonicWall has released firmware version 10.2.2.1-90sv to address all three vulnerabilities and strongly urges immediate deployment across affected systems.

The company emphasizes that no evidence currently suggests active exploitation of these vulnerabilities in production environments, providing organizations with a critical window for remediation before potential widespread attacks occur.

As interim security measures, SonicWall recommends enabling multi-factor authentication as a safeguard against credential-based attacks and activating Web Application Firewall functionality on SMA 100 devices.

These defensive measures can help reduce attack surfaces while organizations plan and execute firmware updates.

The advisory specifically notes that SonicWall SSL VPN SMA 1000 series products and SSL-VPN services running on SonicWall firewalls remain unaffected by these particular vulnerabilities, limiting the scope of required remediation efforts to the SMA 100 series exclusively.

The discovery of these vulnerabilities underscores the critical importance of maintaining current firmware versions and implementing layered security controls for network infrastructure devices.

Organizations should prioritize immediate patching while implementing recommended security measures to protect against potential exploitation attempts.
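To support that prioritization, the following added example (not from SonicWall's advisory or the original article) triages a device inventory against the affected models and the two firmware versions stated above. The hostnames, the inventory layout, the other firmware strings and the version-ordering rule are assumptions.

```python
import re

# Taken from the article: affected models and the two firmware boundaries.
AFFECTED_MODELS = {"sma 210", "sma 410", "sma 500v"}
LAST_VULNERABLE = "10.2.1.15-81sv"
FIRST_FIXED = "10.2.2.1-90sv"

# Assumption: firmware strings are "<dotted version>-<build>sv" and order
# first by the dotted version, then by the build number.
_FW_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)sv$")

def parse_firmware(text):
    """Return a sortable key, or None when the string does not match."""
    m = _FW_RE.match(text.strip().lower())
    if m is None:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def triage(model, firmware):
    """Classify one device against the boundaries stated in the article."""
    if model.strip().casefold() not in AFFECTED_MODELS:
        return "out-of-scope"
    key = parse_firmware(firmware)
    if key is None:
        return "unparsed"   # version unreadable: check the device by hand
    if key <= parse_firmware(LAST_VULNERABLE):
        return "affected"
    if key >= parse_firmware(FIRST_FIXED):
        return "fixed"
    return "verify"         # between the boundaries: the article is silent

# Constructed inventory: hostnames are made up, and so is every firmware
# string other than the two boundary versions.
INVENTORY = [
    ("vpn-edge-01", "SMA 410", "10.2.1.15-81sv"),
    ("vpn-edge-02", "SMA 210", "10.2.1.9-57sv"),
    ("vpn-lab-01", "SMA 500v", "10.2.2.1-90sv"),
    ("vpn-dr-01", "SMA 500v", "10.2.1.15-82sv"),
    ("vpn-old-01", "SMA 410", "unknown"),
    ("gw-hq-01", "SMA 1000 series", "12.4.3"),
]

def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as "verify" or "unparsed" need a manual check against the vendor advisory, since the article only gives the last known vulnerable version and the fixed version.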


Ethan Brooks
Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
