7.2
CVE-2025-32821
- EPSS 0.2%
- Published 07.05.2025 17:22:14
- Last modified 19.05.2025 15:12:23
- Source PSIRT@sonicwall.com
- Teams watchlist Login
- Open Login
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Sonicwall ≫ Sma 100 Firmware Version < 10.2.1.15-81sv
Sonicwall ≫ Sma 200 Firmware Version < 10.2.1.15-81sv
Sonicwall ≫ Sma 210 Firmware Version < 10.2.1.15-81sv
Sonicwall ≫ Sma 400 Firmware Version < 10.2.1.15-81sv
Sonicwall ≫ Sma 410 Firmware Version < 10.2.1.15-81sv
Sonicwall ≫ Sma 500v Firmware Version < 10.2.1.15-81sv
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.424 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.1 | 1.6 | 5.5 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.