Rewterz

Multiple SonicWall SMA 100 Series Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-40597 CVSS:7.3

SonicWall SMA 100 Series is vulnerable to a heap-based buffer overflow in the web interface. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system or cause a denial of service.

CVE-2025-40598 CVSS:6.3

SonicWall SMA 100 Series is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web interface. A remote attacker could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting website. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2025-40596 CVSS:7.3

SonicWall SMA 100 Series is vulnerable to a stack-based buffer overflow in the web interface. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system or cause a denial of service.

CVE-2025-40599 CVSS:9.1

SonicWall SMA 100 Series could allow a remote authenticated attacker to upload arbitrary files, caused by an error in the web management interface. An attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.

Impact

  • Denial of Service
  • Buffer Overflow
  • Code Execution
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2025-40597
  • CVE-2025-40598
  • CVE-2025-40596
  • CVE-2025-40599

Affected Vendors

SonicWall

Affected Products

  • SonicWall SMA 100 Series 10.2.1.15-81sv

Remediation

Refer to the SonicWall website for patch, upgrade, or suggested workaround information.

  • CVE-2025-40597
  • CVE-2025-40598
  • CVE-2025-40596
  • CVE-2025-40599