CVE-2025-40603

Published Oct 31, 2025

Last updated 4 months ago

CVSS medium 4.5

Overview

Description
A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.
Source
PSIRT@sonicwall.com
NVD status
Analyzed
Products
sma_210_firmware, sma_410_firmware, sma_500v_firmware

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.5
Impact score
3.6
Exploitability score
0.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

PSIRT@sonicwall.com
CWE-532

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.CVE-2025-40598
  2. A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.CVE-2025-40597
  3. A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.CVE-2025-40596
  4. An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.CVE-2025-40599
  5. A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.CVE-2024-45319

References

Sources include official advisories and independent security research.