CVE-2025-40599

An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-23 14:15

Updated : 2025-11-06 16:41

NVD link : CVE-2025-40599

Mitre link : CVE-2025-40599

CVE.ORG link : CVE-2025-40599

JSON object : View

Products Affected

sonicwall

sma_410
sma_500v_firmware
sma_210_firmware
sma_210
sma_410_firmware
sma_500v

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2025-40599", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2025-07-23T14:15:33.090", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014", "tags": ["Vendor Advisory"], "source": "PSIRT@sonicwall.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "PSIRT@sonicwall.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution."}, {"lang": "es", "value": "Existe una vulnerabilidad de carga arbitraria de archivos autenticados en la interfaz de administraci\u00f3n web de la serie SMA 100. Un atacante remoto con privilegios administrativos puede explotar esta vulnerabilidad para cargar archivos arbitrarios al sistema, lo que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-11-06T16:41:11.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "786BB26D-B943-4564-B8CC-3260EF2AACED", "versionEndExcluding": "10.2.2.1-90sv"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "057D8219-D4F0-49FB-8EE4-6BBBDAED49DB", "versionEndExcluding": "10.2.2.1-90sv"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3418E737-CB38-4736-9725-AD05A1AB29CF", "versionEndExcluding": "10.2.2.1-90sv"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@sonicwall.com"}