CVE-2025-40599

Summary

An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.

Affected Software

VendorProductVersion RangeStatus
SonicWallSMA 100 Series10.2.1.15-81sv and earlier versionsaffected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References