CVE-2025-40599

Published Jul 23, 2025

Last updated 4 months ago

CVSS critical 9.1

Overview

Description
An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.
Source
PSIRT@sonicwall.com
NVD status
Analyzed
Products
sma_210_firmware, sma_410_firmware, sma_500v_firmware

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
6
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

PSIRT@sonicwall.com
CWE-434

Social media

Hype score
Not currently trending

  1. Akira Ransomware Exploits SonicWall SMA100 Vulnerabilities: What You Need to Know https://t.co/Ug8h91rbMS New SonicWall SMA100 vulnerabilities (CVE-2025-40596 to CVE-2025-40599) could enable remote code execution—even on patched devices. While Akira ransomware activity has sur

    @f1tym1

    5 Aug 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Cyber News: SonicWall firewall devices are being continuously targeted by Akira ransomware attacks. SonicWall advises patching devices against (CVE-2025-40599). Unpatched devices may be prone to remote code execution. How capable are your defenses? #CybersecurityNews

    @XILENCExyber

    1 Aug 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. SonicWall SMA 100シリーズに深刻な脆弱性-認証済みリモートコード実行の恐れ(CVE-2025-40599) #セキュリティ対策Lab #セキュリティ #Security https://t.co/u0CytiXjCv

    @securityLab_jp

    29 Jul 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #threatreport #LowCompleteness Critical SonicWall SMA Vulnerability CVE-2025-40599: What You Need to Know | 25-07-2025 Source: https://t.co/dEwXTeUpRk Key details below ↓ 🧑‍💻Actors/Campaigns: Unc6148 💀Threats: Overstep, Abyss_locker, Vsociety, 🎯Victims: Organiz

    @rst_cloud

    26 Jul 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. #Sonicwall fixes critical flaw in SMA #appliances, urges customers to check for compromise (#CVE-2025-40599) https://t.co/OgbbppcSsC

    @ScyScan

    26 Jul 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks SonicWall patched CVE-2025-40599 (CVSS 9.1), a critical file upload flaw in SMA 100 appliances exploited by threat group UNC6148. Using stolen admin credentials, the group deployed OVERSTEP, a

    @dCypherIO

    25 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 SonicWall Hit by Overstep #Malware: Critical #CVE-2025-40599 Flaw Exploited in Stealth Attacks https://t.co/IPnw8kv3Or

    @UndercodeNews

    25 Jul 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. SonicWall urges patching SMA 100 series for critical vulnerability CVE-2025-40599. Clorox sues Cognizant over cyberattack damages, claiming $49 million direct losses and $380 million total, while Cognizant asserts no responsibility. #Security https://t.co/v1CZnpidZ9

    @Strivehawk

    24 Jul 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. **SonicWall patches critical file upload flaw that enables remote code execution** SonicWall's urging customers to patch CVE-2025-40599 in SMA 100 devices, which lets attackers with admin access upload malicious files for remote code execution. https://t.co/bmV2oEIBtn

    @DanielMiessler

    24 Jul 2025

    74 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Sophos Firewall and SonicWall SMA 100 Series have critical vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-40599) enabling remote code execution. Although affecting a small percentage, immediate patches are advised. #SecurityUpdate #Firewalls https://t.co/MdFIZD93IL

    @TweetThreatNews

    24 Jul 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🔒 خطر جدی برای دستگاه‌های SonicWall SMA 100! حفره امنیتی CVE-2025-40599 با نمره CVSS 9.1 می‌تواند منجر به اجرای کد از راه دور شود. به‌روزرسانی‌های امنیتی جدید را نصب کرده

    @Cyber_Sonar

    24 Jul 2025

    2 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. SonicWall urges immediate patching of SMA 100 devices to address CVE-2025-40599, a critical flaw enabling remote code execution via unauthenticated file uploads. Threat actors are exploiting stolen credentials to deploy ransomware. #SonicWall #Overstep https://t.co/stGDiyxjLp

    @TweetThreatNews

    24 Jul 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. SonicWall advises customers to patch SMA 100 series appliances against CVE-2025-40599 vulnerability, which allows remote code execution. Users should enhance security by changing passwords, enforcing MFA, and enabling WAF. #Security https://t.co/cGt1V2Cs5r

    @Strivehawk

    24 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Sonicwall corrige una vulnerabilidad crítica en dispositivos Secure Mobile Access (SMA) 100 Series ⚠️ CVE-2025-40599 https://t.co/ozE57740UG https://t.co/aDifk8BOhO

    @elhackernet

    24 Jul 2025

    1996 Impressions

    2 Retweets

    11 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. SonicWall patches a critical vulnerability (CVE-2025-40599) in SMA 100 gateways that enables remote file uploads and code execution. Recent Overstep malware attacks exploited admin credentials. Organizations should update and monitor. #ZeroDay #Overstep https://t.co/4jVX0DBp1S

    @TweetThreatNews

    24 Jul 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.CVE-2025-40603
  2. A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.CVE-2025-40598
  3. A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.CVE-2025-40597
  4. A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.CVE-2025-40596
  5. A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.CVE-2024-45319

References

Sources include official advisories and independent security research.