SonicWall on Wednesday introduced patches for a essential vulnerability in Safe Cellular Entry (SMA) 100 collection safe entry gateways, urging organizations to take instant motion within the wake of the just lately disclosed Overstep malware assaults.
The newly addressed flaw, tracked as CVE-2025-40599 (CVSS rating of 9.1), is described as an arbitrary file add situation within the SMA 100’s net administration interface.
The bug may be exploited by distant attackers to add arbitrary recordsdata to the system, which might result in distant code execution (RCE). The attackers want administrative privileges to take advantage of the safety defect, SonicWall’s advisory reads.
Patches for the vulnerability had been included in SMA 100 collection software program model 10.2.2.1-90sv, accessible for SMA 210, 410, and 500v merchandise. SonicWall SSL VPN SMA1000 collection merchandise and SSL-VPN operating on SonicWall firewalls aren’t affected.
In keeping with the corporate, there isn’t any proof that CVE-2025-40599 has been exploited within the wild. Nonetheless, in gentle of Google’s current report on UNC6148 assaults deploying Overstep malware on SMA 100 home equipment, it recommends that every one organizations take instant motion to safe their units.
Google found that the hackers have used compromised admin credentials to entry absolutely patched home equipment and infect them. The credentials had been probably obtained previous to the units being patched, by the exploitation of identified vulnerabilities comparable to CVE-2025-32819, CVE-2024-38475, CVE-2021-20035, CVE-2021-20038, and CVE-2021-20039.
As a result of the compromised credentials might be used to take advantage of the contemporary bug for RCE, organizations utilizing SMA 100 collection home equipment ought to hunt for IoCs related to UNC6148 assaults.
Organizations utilizing the SMA 500v digital product ought to backup the OVA file, export configurations, take away the VM and all related recordsdata, obtain a brand new OVA from SonicWall, deploy it in a hypervisor, and restore the configuration.Commercial. Scroll to proceed studying.
On Wednesday, SonicWall additionally introduced patches for 3 high-severity SMA 100 flaws, together with two buffer overflow points (CVE-2025-40596 and CVE-2025-40597) resulting in a denial-of-service (DoS) situation, and an XSS defect (CVE-2025-40598) resulting in the execution of arbitrary JavaScript code.
All three points may be focused remotely, with out authentication, however SonicWall says it has no proof of any of them being exploited within the wild.
Associated: SonicWall SMA Home equipment Focused With New ‘Overstep’ Malware
Associated: Doable Zero-Day Patched in SonicWall SMA Home equipment
Associated: PoC Revealed for Exploited SonicWall Vulnerabilities
Associated: SonicWall Flags Two Extra Vulnerabilities as Exploited
