CVE-2025-32821
published 2025-05-07CVE-2025-32821: A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to…
PriorityP358high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
29.42%
97.9th percentile
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sma100 | — | — |
| sonicwall | sma_100_firmware | < 10.2.1.15-81sv | 10.2.1.15-81sv |
| sonicwall | sma_200_firmware | < 10.2.1.15-81sv | 10.2.1.15-81sv |
| sonicwall | sma_210_firmware | < 10.2.1.15-81sv | 10.2.1.15-81sv |
| sonicwall | sma_400_firmware | < 10.2.1.15-81sv | 10.2.1.15-81sv |
| sonicwall | sma_410_firmware | < 10.2.1.15-81sv | 10.2.1.15-81sv |
| sonicwall | sma_500v_firmware | < 10.2.1.15-81sv | 10.2.1.15-81sv |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS SonicWall SMA Authenticated Command Injection (CVE-2025-32821)
suricata·2025-10-06·CVSS 7.2
CVE-2025-32821 [HIGH] ET WEB_SPECIFIC_APPS SonicWall SMA Authenticated Command Injection (CVE-2025-32821)
ET WEB_SPECIFIC_APPS SonicWall SMA Authenticated Command Injection (CVE-2025-32821)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS SonicWall SMA Authenticated Command Injection (CVE-2025-32821)"; flow:established,to_server; http.uri; content:"/cgi-bin/importlogo"; fast_pattern; startswith; http.request_body; content:"|0d 0a 0d 0a|"; pcre:"/^[^\x0d\]*?[\x24\x3b\x7c\x3c\x3e\x5e\x60\x0a\x23]/R"; http.method; content:"POST"; reference:url,www.rapid7.com/blog/post/2025/05/07/multiple-vulnerabilities-in-sonicwall-sma-100-series-2025/; reference:cve,2025-32821; classtype:web-application-attack; sid:2065064; rev:1; metadata:affected_product SonicWall, attack_target Server, tls_state TLSDecrypt, created_at 2025_10_06, cve CVE_2025_32821, deployment Perimeter, deployment Inter
No public exploits indexed.
Bleepingcomputer
SonicWall urges admins to patch critical RCE flaw in SMA 100 devices
blogs_bleepingcomputer·2025-07-24·CVSS 6.5
CVE-2025-40599 [MEDIUM] SonicWall urges admins to patch critical RCE flaw in SMA 100 devices
## SonicWall urges admins to patch critical RCE flaw in SMA 100 devices
## Sergiu Gatlan
SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution.
The security flaw (tracked as CVE-2025-40599) is caused by an unrestricted file upload weakness in the devices' web management interfaces, which can allow remote threat actors with administrative privileges to upload arbitrary files to the system.
"SonicWall strongly recommends that users of the SMA 100 series products (SMA 210, 410, and 500v) upgrade to the specified fixed release version to remediate this vulnerability," the company said . "This vulnerability does not affect SonicWall SSL VPN SMA1000 series products or
Bleepingcomputer
SonicWall urges admins to patch VPN flaw exploited in attacks
blogs_bleepingcomputer·2025-05-08·CVSS 8.8
CVE-2025-32819 [HIGH] SonicWall urges admins to patch VPN flaw exploited in attacks
## SonicWall urges admins to patch VPN flaw exploited in attacks
## Sergiu Gatlan
SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks.
Discovered and reported by Rapid7 cybersecurity researcher Ryan Emmons, the three security flaws (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821) can be chained by attackers to gain remote code execution as root and compromise vulnerable instances.
The vulnerabilities impact SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices and are patched in firmware version 10.2.1.15-81sv and higher.
"SonicWall strongly advises users of the SMA 100 series products (SMA 200, 210, 400, 410, and 500v) to upgrade to the mentioned fixed release
2025-05-07
Published