8.8

CVE-2025-32819

Medienbericht
Exploit
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SonicwallSma 100 Firmware Version < 10.2.1.15-81sv
   SonicwallSma 100 Version-
SonicwallSma 200 Firmware Version < 10.2.1.15-81sv
   SonicwallSma 200 Version-
SonicwallSma 210 Firmware Version < 10.2.1.15-81sv
   SonicwallSma 210 Version-
SonicwallSma 400 Firmware Version < 10.2.1.15-81sv
   SonicwallSma 400 Version-
SonicwallSma 410 Firmware Version < 10.2.1.15-81sv
   SonicwallSma 410 Version-
SonicwallSma 500v Firmware Version < 10.2.1.15-81sv
   SonicwallSma 500v Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.79% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011
Vendor Advisory
https://old.rapid7.com/blog/post/2025/05/07/multiple-vulnerabilities-in-sonicwall-sma-100-series-2025/
Third Party Advisory
Exploit