Multiple SonicWall SMA 100 Vulnerabilities Let Attackers Compromise Systems

SonicWall has disclosed multiple high-severity vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products. 

Security researchers from Rapid7 discovered three significant post-authentication vulnerabilities that, when chained together, could lead to complete system compromise with root-level access. 

The flaws impact SMA 200, 210, 400, 410, and 500v appliances running firmware version 10.2.1.14-75sv and earlier.

Significant Vulnerabilities in SonicWall SMA Appliances

The vulnerabilities, assigned tracking numbers CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821, were disclosed in SonicWall’s advisory.

The first vulnerability (CVE-2025-32819) allows a remote authenticated attacker with SSLVPN user privileges to bypass path traversal checks and delete arbitrary files, potentially resulting in a reboot to factory default settings. 

This vulnerability carries a CVSS score of 8.8 and is related to CWE-552 (Files or Directories Accessible to External Parties).

The second vulnerability (CVE-2025-32820) enables an authenticated attacker with SSLVPN user privileges to inject a path traversal sequence to make any directory on the SMA appliance writable. 

This flaw has a CVSS score of 8.3 and is associated with CWE-22 (Path Traversal).

The third vulnerability (CVE-2025-32821) allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. 

This vulnerability has a CVSS score of 6.7 and relates to CWE-78 (OS Command Injection).

According to Rapid7’s research, these vulnerabilities can be chained together to achieve root-level remote code execution. 

An attacker with low-privilege access can exploit CVE-2025-32819 to delete critical files and elevate privileges to administrator, then use CVE-2025-32820 to make system directories writable, and finally leverage CVE-2025-32821 to write an executable file that the system would automatically execute with root privileges.

“An attacker with access to a low-privilege SMA user account can delete any file as root,” researchers said.

The exploitation chain results in complete system compromise, allowing attackers to gain persistent access to the appliance.

Mitigations

SonicWall has released firmware version 10.2.1.15-81sv to address these vulnerabilities and strongly advises all users of affected SMA 100 series products to update immediately. 

The company’s security advisory confirms that SMA 1000 series products are not affected by these vulnerabilities.

For organizations unable to update immediately, SonicWall recommends implementing the following workarounds:

• Enable multifactor authentication (MFA) as an additional security layer against credential theft.
• Enable Web Application Firewall (WAF) functionality on SMA 100 devices.
• Reset passwords for any users who have logged into the device via the web interface.

Organizations using SonicWall SMA 100 series appliances should prioritize this update as Rapid7 indicated they’ve observed private indicators of compromise suggesting CVE-2025-32819 may have already been exploited in the wild.

Vulnerability Attack Simulation on How Hackers Rapidly Probe Websites for Entry Points – Free Webinar

The post Multiple SonicWall SMA 100 Vulnerabilities Let Attackers Compromise Systems appeared first on Cyber Security News.