CVE-2025-32819

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sonicwallCNA
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
sonicwallsma_100_firmware
𝑥
< 10.2.1.15-81sv
sonicwallsma_200_firmware
𝑥
< 10.2.1.15-81sv
sonicwallsma_210_firmware
𝑥
< 10.2.1.15-81sv
sonicwallsma_400_firmware
𝑥
< 10.2.1.15-81sv
sonicwallsma_410_firmware
𝑥
< 10.2.1.15-81sv
sonicwallsma_500v_firmware
𝑥
< 10.2.1.15-81sv
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011
https://old.rapid7.com/blog/post/2025/05/07/multiple-vulnerabilities-in-sonicwall-sma-100-series-2025/