CVE-2025-40599 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
sonicwall	CNA	---				---
CISA-ADP	ADP	9.1 CRITICAL	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

Vulnerability Media Exposure

[GERMAN] SonicWall SMA 100 Serie: Mehrere Schwachstellen
Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in der SonicWall SMA 100 Serie ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen.
Published: 2025-07-23T22:00:00+00:00
[GERMAN] Sonicwall SMA100: Drei Produkte von kritischer Lücke betroffen – jetzt updaten
In den Fernzugriffslösungen SMA 210, 410 und 500v der Sonicwall SMA100er-Serie klafft eine Sicherheitslücke. Der Hersteller rät zum zügigen Update.
Published: 2025-07-24T14:31:00+00:00
[ENGLISH] Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices
Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution.  The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 (CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead
Published: 2025-07-24T19:44:00+05:30

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014