Cybersecurity

SonicWall Issues Warning on Critical Security Vulnerabilities

SonicWall issues customer warning about critical security vulnerabilities in Secure Mobile Access (SMA) appliances, urging users to update firmware to patch the vulnerabilities and take necessary security measures to protect against potential cyber threats.

At a glance

  • SonicWall issued a customer warning about three critical security vulnerabilities.
  • Vulnerabilities affect Secure Mobile Access (SMA) appliances, including models SMA 200, 210, 400, 410, and 500v.
  • Firmware update version 10.2.1.15-81sv released to patch vulnerabilities, including CVE-2025-32819.
  • Attackers could gain remote code execution privileges as root, compromising vulnerable instances.
  • SonicWall recommends upgrading SMA 100 series products to mitigate vulnerabilities and monitor for unauthorized logins.

The details

SonicWall, a cybersecurity firm, has issued a customer warning. The warning addresses three critical security vulnerabilities that affect its Secure Mobile Access (SMA) appliances.

If exploited, attackers could gain remote code execution privileges as root.

This could compromise vulnerable instances. Several SMA device models are impacted, including the SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v.

SonicWall has released a firmware update to patch these vulnerabilities. The update is version 10.2.1.15-81sv and higher.

One vulnerability is identified as CVE-2025-32819. This vulnerability allows threat actors to delete the primary SQLite database and reset the password of the default SMA admin user. If successfully exploited, they can log in as an admin to the SMA web interface.

Attackers can also exploit the CVE-2025-32820 path traversal vulnerability, which makes the /bin folder writable and enables remote code execution as root by exploiting CVE-2025-32821.

SonicWall recommends that users of SMA 100 series products upgrade.

They should upgrade to the fixed release version to mitigate the vulnerabilities. Security researchers at Rapid7 suspect the vulnerabilities may have been exploited in the wild. This suspicion is based on known Indicators of Compromise (IOCs) and incident response investigations.

SonicWall advises admins to monitor SMA devices’ logs for unauthorized logins. They should also enable web application firewall and multifactor authentication on SMA100 appliances.

Two other vulnerabilities affecting SMA appliances are currently being actively exploited. These attacks aim to inject commands and execute code remotely.

SonicWall has identified another high-severity flaw. This flaw is being exploited in remote code execution attacks targeting SMA100 VPN appliances.

In January, SonicWall urged admins to patch a critical vulnerability in SMA1000 secure access gateways, which was being exploited in zero-day attacks.

One month later, SonicWall warned about an actively exploited authentication bypass flaw. This flaw affects Gen 6 and Gen 7 firewalls. It allows hackers to hijack VPN sessions. SonicWall customers are urged to apply the necessary patches promptly.

They should also follow the recommended security measures. This will protect their SMA appliances from potential cyber threats and unauthorized access.

Article X-ray

Facts attribution

This section links each of the article’s facts back to its original source.

If you suspect false information in the article, you can use this section to investigate where it came from.

bleepingcomputer.com
– SonicWall has urged customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances
– The vulnerabilities can be chained by attackers to gain remote code execution as root and compromise vulnerable instances
– The flaws impact SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices
– The vulnerabilities are patched in firmware version 10.2.1.15-81sv and higher
– Successful exploitation of CVE-2025-32819 allows threat actors to delete the primary SQLite database, reset the password of the default SMA admin user, and log in as admin to the SMA web interface
– Attackers can exploit the CVE-2025-32820 path traversal vulnerability to make the /bin folder writable and then gain remote code execution as root by exploiting CVE-2025-32821
– SonicWall advises users of the SMA 100 series products to upgrade to the fixed release version to address the vulnerabilities
– Rapid7 believes the vulnerability may have been used in the wild based on known IOCs and incident response investigations
– SonicWall advised admins to check SMA devices’ logs for unauthorized logins and enable web application firewall and multifactor authentication on SMA100 appliances
– Two other vulnerabilities affecting SMA appliances are now actively exploited in attacks to inject commands and execute code remotely
– SonicWall flagged another high-severity flaw as exploited in remote code execution attacks targeting SMA100 VPN appliances
– In January, SonicWall urged admins to patch a critical flaw in SMA1000 secure access gateways exploited in zero-day attacks
– One month later, SonicWall warned of an actively exploited authentication bypass flaw impacting Gen 6 and Gen 7 firewalls that lets hackers hijack VPN sessions.

What's your reaction?

Excited
0
Happy
0
In Love
0
Not Sure
0
Silly
0

You may also like

Comments are closed.