Sonicwall is liberated Patch to solve three security deficiencies that affect SMA 100 Secure Mobile Access (SMA) devices that can be made to lead to remote code.
Vulnerabilities shown below –
- Cve-2025-32819 (CVSS Assessment: 8.8) – Vulnerability in SMA100 allows a distant check -in striker with SSL -VPN user’s privileges to bypass the passing checks and delete an arbitrary file that potentially leads to reboot for default settings.
- Cve-2025-32820 (CVSS assessment: 8.3) – Vulnerability in SMA100 allows remote authentic assault with the SSL -VPN user privileges may enter the passage sequence to make any SMA directory recorded
- Cve-2025-32821 (CVSS assessment: 6.7) – Vulnerability in SMA100 allows for remote authentic attackers with the SSL -vPN administrator’s privileges with the administrator’s administrator’s privileges may enter the Arggom Argue to download the file to the device
“The attacker who has access to the user’s SSL-VPN user account can make a chain of these vulnerabilities to make a tangible system directory by exalting their privileges to the SMA administrator and write the executable file to the system catalog, Rapid77 – Note In the report. “This chain leads to the execution of the remote code at the root level.”
Cve-2025-32819 is rated as a patch for A Previously defined deficiency reports NCC Group to December 2021.
Cybersecurity company noted that the CVE-2025-32819 may have been used in the wild as a zero day based on known compromise (IOC) and response research research. However, it should be noted that Sonicwall does not mention the drawback armed with real attacks.
The disadvantages arising in the SMA 100, including SMA 200, 210, 410, 500V, were considered in the version 10.2.1.15-81SV.
Development happens as Some disadvantages of security In recent weeks, SMA 100 series devices have been actively operational, including CVE-2021-20035, CVE-2013-44221 and CVE-2024-38475. Users are advised to update their instances to the latest version for optimal protection.
