CVE-2025-32821

Published May 7, 2025

Last updated a year ago

CVSS high 7.1
SSL

Overview

Description
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.
Source
PSIRT@sonicwall.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
5.5
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
Severity
HIGH

Weaknesses

PSIRT@sonicwall.com
CWE-78

Social media

Hype score
Not currently trending

  1. Warning: Multiple vulnerabilities in #SonicWall SMA100 SSL-VPN (CVE-2025-32819, CVE-2025-32820, CVE-2025-32821) can be chained to fully compromise the device and are now being exploited by financially motivated actors. More info: https://t.co/ddkqBC3sw3 #Patch #Patch #Patch

    @CCBalert

    18 Jul 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️Vulnerabilidades en los productos SonicWall ❗CVE-2025-32819 ❗CVE-2025-32820 ❗CVE-2025-32821 ➡️Más info: https://t.co/FT9dGtNU8B https://t.co/IRo7XHKe8t

    @CERTpy

    12 May 2025

    211 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  3. #SonicWall patched three SMA 100 vulnerabilities (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821), that could be chained by a #hacker to execute arbitrary code. #Cybersecurity #infosec https://t.co/iAe4zoW6ls https://t.co/rTF2viwO5J

    @twelvesec

    11 May 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. SonicWall has urged customers to patch three vulnerabilities (CVE-2025-32819, CVE-2025-32820, CVE-2025-32821) in its Secure Mobile Access (SMA) appliances, which can be exploited for remote code execution. https://t.co/Yyz5TluUgP

    @securityRSS

    9 May 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2025-32821 🔴 HIGH (7.1) 🏢 SonicWall - SMA100 🏗️ 10.2.1.14-75sv and earlier versions 🔗 https://t.co/WWEOVoSL3M #CyberCron #VulnAlert #InfoSec https://t.co/9o2aftjvui

    @cybercronai

    9 May 2025

    149 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  6. CVE-2025-32821 A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a… https://t.co/DAVtK0EjYZ

    @CVEnew

    7 May 2025

    144 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0  available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.CVE-2026-22750
  2. wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants.CVE-2026-5466
  3. Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.CVE-2026-5194
  4. Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.CVE-2026-3547
  5. Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.CVE-2026-3549

References

Sources include official advisories and independent security research.