SonicWall on Wednesday announced patches for three vulnerabilities in its Secure Mobile Access (SMA) 100 series appliances that could lead to remote code execution (RCE).
The first of the bugs, tracked as CVE-2025-32819 (CVSS score of 8.8), is an arbitrary file delete issue that can be exploited by authenticated attackers with user privileges.
An attacker could bypass the system’s path traversal checks and delete an arbitrary file, which could result in the appliance rebooting to factory default settings, SonicWall explains in its advisory.
Rapid7, which warns that CVE-2025-32819 has been exploited as a zero-day, explains that the flaw is likely a bypass for a 2021 patch resolving an unauthenticated arbitrary file delete defect.
Using a valid low-privilege session cookie, an attacker can bypass the check added by SonicWall to resolve the initial vulnerability, to delete any file as root and escalate their privileges to administrator.
“Based on known (private) IOCs and Rapid7 incident response investigations, we believe this vulnerability may have been used in the wild,” the cybersecurity firm says.
Rapid7 has not shared any information on these attacks and SonicWall’s advisory does not mention in-the-wild exploitation.
The second issue, tracked as CVE-2025-32820 (CVSS score of 8.3), allows a remote attacker with user privileges to inject “a path traversal sequence to make any directory on the SMA appliance writable”.
Successful exploitation of the bug could also allow an attacker to overwrite any file on the system with junk contents, as root, creating a persistent denial of service (DoS) condition, Rapid7 says.
Tracked as CVE-2025-32821 (CVSS score of 6.7), the third flaw allows a remote, authenticated attacker with user privileges to “inject shell command arguments to upload a file on the appliance”, SonicWall says.
According to Rapid7, an attacker can exploit the defect to upload the file anywhere on the system. The file is under the attacker’s control and the ‘nobody’ user can write to it.
“It’s also possible to copy existing files that the ‘nobody’ user can read, such as ‘/etc/passwd’ or the application’s SQLite database, to the web root directory for data exfiltration,” the cybersecurity firm says.
Rapid7 warns that an attacker authenticated as an SSLVPN user can chain these security defects to “make a sensitive system directory writable, elevate their privileges to SMA administrator, and write an executable file to a system directory,” to achieve root-level RCE.
SonicWall has released software version 10.2.1.15-81sv to address the vulnerabilities in its SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v secure remote access products. Users are advised to update their appliances as soon as possible.
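For teams tracking several appliances, the following added example (not from SonicWall, Rapid7 or the original article) flags inventory entries that are on an affected model and below the fixed build. It assumes firmware strings follow the same pattern as the fixed version quoted above and that later builds compare higher numerically; the hostnames and installed versions are constructed sample data.

```python
import re

# Fixed build and affected models, as stated in the article.
FIXED_VERSION = "10.2.1.15-81sv"
AFFECTED_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500v"}

# Assumption: firmware strings look like the fixed version, e.g. 10.2.1.15-81sv.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Turn '10.2.1.15-81sv' into (10, 2, 1, 15, 81); None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(model, version):
    """Return 'not-affected', 'patched', 'vulnerable' or 'unknown'."""
    if model.strip() not in AFFECTED_MODELS:
        return "not-affected"  # model is not in the article's list
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # do not guess: check the appliance by hand
    # Numeric tuple comparison, so 10.2.1.9 sorts below 10.2.1.15
    # (a plain string comparison would get this wrong).
    return "patched" if parsed >= parse_version(FIXED_VERSION) else "vulnerable"


def audit(inventory):
    """Map hostname -> status for an iterable of (hostname, model, version)."""
    return {host: classify(model, ver) for host, model, ver in inventory}


# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "SMA 410", "10.2.1.14-75sv"),
    ("vpn-edge-02", "SMA 500v", "10.2.1.15-81sv"),
    ("vpn-edge-03", "SMA 210", "10.2.1.9-57sv"),
    ("vpn-edge-04", "SMA 400", "unknown"),
    ("vpn-core-01", "SMA 1000", "12.4.3"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Entries reported as `unknown` have a version string the parser does not recognise and should be checked on the appliance itself.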