SonicWall has released a patch that addresses three security flaws that affect SMA 100 Secure Mobile Access (SMA) appliances.
The vulnerabilities are listed below –
- CVE-2025-32819 (CVSS Score: 8.8) – A vulnerability in SMA100 allows a remote authentication attacker with SSL-VPN user privileges to bypass the path traversal check and delete any file that could restart to factory default settings.
- CVE-2025-32820 (CVSS Score: 8.3) – SMA100 vulnerability allows remote authentication attackers with SSL-VPN user privileges to insert a path traversal sequence to create any directory on the SMA appliance
- CVE-2025-32821 (CVSS score: 6.7) – A vulnerability in SMA100 allows remote authentication attackers with SSL-VPN management privileges to have control.
“Attackers who have access to SMA SSL-VPN user accounts can chain these vulnerabilities to create sensitive system directories, raise privileges to SMA administrators, and write executables to the system directory,” Rapid7 said in the report. “This chain will execute root-level remote code.”
CVE-2025-32819 has been rated as a patch bypass for previously identified defects reported by the NCC group in December 2021.
The cybersecurity company noted that CVE-2025-32819 could have been misused in the wild as a zero day based on known indicators of compromise (IOCs) and incident response investigations. It is worth noting, however, that Sonic Wall does not mention the flaws that are weaponized in actual attacks.
The drawbacks affecting SMA 100 series, including SMA 200, 210, 400, 410, and 500V, are addressed in version 10.2.1.15-81SV.
This development is due to the aggressive exploitation of multiple security flaws in SMA 100 series devices in recent weeks, including CVE-2021-20035, CVE-2023-44221, and CVE-2024-38475. Users are advised to update their instances to the latest version for optimal protection.
