CVE-2025-40603 — Log File Information Exposure in SMA 210 Firmware

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

4.5MEDIUMNVD

EPSS

0.0%

top 86.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall SMA 210 Firmware Sonicwall SMA 410 Firmware Sonicwall SMA 500v Firmware +1 more

Timeline

PublishedOct 31

Description

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5sonicwall/sma10010.2.2.2-92sv and earlier versions

▶NVDsonicwall/sma_210_firmware< 10.2.2.3

▶NVDsonicwall/sma_410_firmware< 10.2.2.3

▶NVDsonicwall/sma_500v_firmware< 10.2.2.3

🔴Vulnerability Details

GHSA

GHSA-8x72-pg98-vrf2: A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, unde↗2025-10-31

▶

CVEList

CVE-2025-40603: A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, unde↗2025-10-31

▶