CVE-2025-32820

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011

Configurations

No configuration.

History

08 May 2025, 14:39

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en SMA100 permite que un atacante remoto autenticado con privilegios de usuario SSLVPN pueda inyectar una secuencia de path traversal para hacer que cualquier directorio en el dispositivo SMA sea escribible.

07 May 2025, 19:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.3

07 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 18:15

Updated : 2025-05-08 14:39

NVD link : CVE-2025-32820

Mitre link : CVE-2025-32820

CVE.ORG link : CVE-2025-32820

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

8.3 /10