CVE-2025-27533 – Apache ActiveMQ Vulnerability
May 8, 2025Multiple WordPress Plugins Vulnerabilities
May 8, 2025CVE-2025-27533 – Apache ActiveMQ Vulnerability
May 8, 2025Multiple WordPress Plugins Vulnerabilities
May 8, 2025Severity
High
Analysis Summary
CVE-2025-32819 CVSS:8.8
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
CVE-2025-32820 CVSS:8.3
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.
CVE-2025-32821 CVSS:6.7
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.
Impact
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-32819
CVE-2025-32820
CVE-2025-32821
Affected Vendors
Affected Products
- Sonicwall SMA100 Firmware - 10.2.1.14-75sv
Remediation
Refer to SonicWall Security Advisory for patch, upgrade, or suggested workaround information.