CVE-2025-40595: Server-Side Request Forgery in Sma1000

Severity: 7.2 HIGH (NVD)
EPSS: 0.1% (top 74.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 14

Description

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to an unintended location.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.7

Affected Packages (1 package)

CVEListV5: sonicwall/sma1000, 12.4.3-02925 (platform-hotfix) and earlier versions

Vulnerability Details (2)

GHSA: GHSA-98vp-fcq9-gmj3: A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface (2025-05-14)
CVEList: CVE-2025-40595: A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface (2025-05-14)