CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*

History

19 May 2025, 15:12

Type	Values Removed	Values Added
CPE		cpe:2.3:o:sonicwall:sma_400_firmware:::::::: cpe:2.3:h:sonicwall:sma_200:-:::::::* cpe:2.3:h:sonicwall:sma_410:-:::::::* cpe:2.3:o:sonicwall:sma_410_firmware:::::::: cpe:2.3:h:sonicwall:sma_210:-:::::::* cpe:2.3:h:sonicwall:sma_400:-:::::::* cpe:2.3:o:sonicwall:sma_100_firmware:::::::: cpe:2.3:o:sonicwall:sma_210_firmware:::::::: cpe:2.3:h:sonicwall:sma_100:-:::::::* cpe:2.3:o:sonicwall:sma_200_firmware:::::::: cpe:2.3:h:sonicwall:sma_500v:-:::::::* cpe:2.3:o:sonicwall:sma_500v_firmware::::::::
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 -~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 - Vendor Advisory
First Time		Sonicwall sma 200 Firmware Sonicwall sma 210 Sonicwall sma 500v Firmware Sonicwall sma 410 Firmware Sonicwall sma 200 Sonicwall sma 400 Sonicwall sma 400 Firmware Sonicwall Sonicwall sma 500v Sonicwall sma 410 Sonicwall sma 100 Sonicwall sma 210 Firmware Sonicwall sma 100 Firmware
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 7.2

08 May 2025, 14:39

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en SMA100 permite que un atacante remoto autenticado con privilegios de administrador SSLVPN pueda inyectar argumentos de comando de shell para cargar un archivo en el dispositivo.

07 May 2025, 19:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1

07 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 18:15

Updated : 2025-05-19 15:12

NVD link : CVE-2025-32821

Mitre link : CVE-2025-32821

CVE.ORG link : CVE-2025-32821

JSON object : View

Products Affected

sonicwall

sma_410_firmware
sma_500v
sma_100_firmware
sma_200
sma_410
sma_210
sma_500v_firmware
sma_210_firmware
sma_200_firmware
sma_100
sma_400
sma_400_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

7.2 /10