AI description
CVE-2025-40599 is an authenticated arbitrary file upload vulnerability found in the web management interface of the SonicWall SMA 100 series. A remote attacker who has administrative privileges could exploit this vulnerability. Successful exploitation could allow the attacker to upload arbitrary files to the system, potentially leading to remote code execution. The vulnerability affects SMA 210, 410, and 500v appliances running firmware versions 10.2.1.15-81sv and earlier. To remediate this vulnerability, users should upgrade to version 10.2.2.1-90sv or higher.
- Description: An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.
- Source: PSIRT@sonicwall.com
- NVD status: Analyzed
- Products: sma_210_firmware, sma_410_firmware, sma_500v_firmware
CVSS 3.1
- Type: Secondary
- Base score: 9.1
- Impact score: 6
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- PSIRT@sonicwall.com: CWE-434
- Hype score: Not currently trending
Akira Ransomware Exploits SonicWall SMA100 Vulnerabilities: What You Need to Know https://t.co/Ug8h91rbMS New SonicWall SMA100 vulnerabilities (CVE-2025-40596 to CVE-2025-40599) could enable remote code execution—even on patched devices. While Akira ransomware activity has sur
@f1tym1
5 Aug 2025
Cyber News: SonicWall firewall devices are being continuously targeted by Akira ransomware attacks. SonicWall advises patching devices against (CVE-2025-40599). Unpatched devices may be prone to remote code execution. How capable are your defenses? #CybersecurityNews
@XILENCExyber
1 Aug 2025
Serious vulnerability in the SonicWall SMA 100 series: risk of authenticated remote code execution (CVE-2025-40599) #セキュリティ対策Lab #セキュリティ #Security https://t.co/u0CytiXjCv
@securityLab_jp
29 Jul 2025
#threatreport #LowCompleteness Critical SonicWall SMA Vulnerability CVE-2025-40599: What You Need to Know | 25-07-2025 Source: https://t.co/dEwXTeUpRk Key details below ↓ 🧑💻Actors/Campaigns: Unc6148 💀Threats: Overstep, Abyss_locker, Vsociety, 🎯Victims: Organiz
@rst_cloud
26 Jul 2025
#Sonicwall fixes critical flaw in SMA #appliances, urges customers to check for compromise (#CVE-2025-40599) https://t.co/OgbbppcSsC
@ScyScan
26 Jul 2025
SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks SonicWall patched CVE-2025-40599 (CVSS 9.1), a critical file upload flaw in SMA 100 appliances exploited by threat group UNC6148. Using stolen admin credentials, the group deployed OVERSTEP, a
@dCypherIO
25 Jul 2025
🚨 SonicWall Hit by Overstep #Malware: Critical #CVE-2025-40599 Flaw Exploited in Stealth Attacks https://t.co/IPnw8kv3Or
@UndercodeNews
25 Jul 2025
SonicWall urges patching SMA 100 series for critical vulnerability CVE-2025-40599. Clorox sues Cognizant over cyberattack damages, claiming $49 million direct losses and $380 million total, while Cognizant asserts no responsibility. #Security https://t.co/v1CZnpidZ9
@Strivehawk
24 Jul 2025
**SonicWall patches critical file upload flaw that enables remote code execution** SonicWall's urging customers to patch CVE-2025-40599 in SMA 100 devices, which lets attackers with admin access upload malicious files for remote code execution. https://t.co/bmV2oEIBtn
@DanielMiessler
24 Jul 2025
Sophos Firewall and SonicWall SMA 100 Series have critical vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-40599) enabling remote code execution. Although affecting a small percentage, immediate patches are advised. #SecurityUpdate #Firewalls https://t.co/MdFIZD93IL
@TweetThreatNews
24 Jul 2025
🔒 Serious risk for SonicWall SMA 100 devices! The security flaw CVE-2025-40599, with a CVSS score of 9.1, can lead to remote code execution. Install the new security updates
@Cyber_Sonar
24 Jul 2025
SonicWall urges immediate patching of SMA 100 devices to address CVE-2025-40599, a critical flaw enabling remote code execution via unauthenticated file uploads. Threat actors are exploiting stolen credentials to deploy ransomware. #SonicWall #Overstep https://t.co/stGDiyxjLp
@TweetThreatNews
24 Jul 2025
SonicWall advises customers to patch SMA 100 series appliances against CVE-2025-40599 vulnerability, which allows remote code execution. Users should enhance security by changing passwords, enforcing MFA, and enabling WAF. #Security https://t.co/cGt1V2Cs5r
@Strivehawk
24 Jul 2025
🚨 Sonicwall fixes a critical vulnerability in Secure Mobile Access (SMA) 100 Series devices ⚠️ CVE-2025-40599 https://t.co/ozE57740UG https://t.co/aDifk8BOhO
@elhackernet
24 Jul 2025
SonicWall patches a critical vulnerability (CVE-2025-40599) in SMA 100 gateways that enables remote file uploads and code execution. Recent Overstep malware attacks exploited admin credentials. Organizations should update and monitor. #ZeroDay #Overstep https://t.co/4jVX0DBp1S
@TweetThreatNews
24 Jul 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "786BB26D-B943-4564-B8CC-3260EF2AACED",
            "versionEndExcluding": "10.2.2.1-90sv",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "057D8219-D4F0-49FB-8EE4-6BBBDAED49DB",
            "versionEndExcluding": "10.2.2.1-90sv",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3418E737-CB38-4736-9725-AD05A1AB29CF",
            "versionEndExcluding": "10.2.2.1-90sv",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]