—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Sonicwall 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

SonicOS SMA100 series products (SMA 210, 410, and 500v) prior to version 10.2.2.1-90sv

Overview

Multiple vulnerabilities have been reported in SonicWall products, which could be exploited by an attacker to execute arbitrary code, perform denial-of-service (DoS), or cross-site scripting (XSS) attacks on the targeted system.

Target Audience:

All end-users of organizations using SonicWall SMA100 series products.

Risk Assessment:

High risk of information disclosure and service disruption. 

Impact Assessment:

Potential for unauthorized code execution, data theft, and system instability.

Description

Multiple vulnerabilities exist in SonicWall SMA100 series products due to stack-based buffer overflow, heap-based buffer overflow, and improper neutralization of input during web page generation.

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, trigger denial-of-service conditions, or launch cross-site scripting (XSS) attacks on the affected system.

Solution

Apply the appropriate updates as mentioned in the SonicWall Security Bulletin.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012

Vendor Information

Sonicwall

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012

References

Sonicwall

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012

CVE Name

CVE-2025-40596

CVE-2025-40597

CVE-2025-40598

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmiM2uQACgkQ3jCgcSdc

ys/O3w//a+3GPYzS5WAnBlG3X15SxHva/TN6LMgH8C2HQxjnDBdLO9oyq22ua5Bc

V5eBrl2vgdOtaWKulSwO787UQKBkbw+GpRGHTyscarNqfjFyNvnjcIoD+HTdJ77Z

AMl9jPP64o1UUTLYwgjhodn5vySQPyqVQGQgYXyQGeD/ZOVrJH6O071eDwDtuC8y

Mq3kk47V7ehYeS9HMLa5FWjMc8Wjtmwn13EJvS7ji6AOLhdn8aBvI9pA89LbWwKL

AgaDSmx34mqeEkzM0AwCnUmfPcwAz5utS9m1WtxRppoRKIFkDHqvHYXLHLwvwJ6S

UVKiWemSCKHVeBIx4MPmBf3bIYjg3Qw7UuYzJHiHQD73EZHFUvy2AuXqCJP+C4Tt

hsbsCfj134Yp9R6CHkGmUcNYQ5Diwb5zeyXupdgmB8GfFrDcDG1AWNlh5xHsOhI+

FF9v9/82njJ7ooQ+udYLOK94tQKqgcgPkGPy0NDwt+B/wz6IpJtHHckCAuK3x/ga

PhjEJto98+Vp6f89eyNa/d+UWhlzskokkVt77nimZPJF99zyulriro6U+KmqjvEG

jxVlKKoa8Fa1RiIXhs3HwADkOk9BjIPIKV75uHKEnrLjk7RKOXS1JIMrEA2cz50V

V59AeZ1zGM0dCl9poybjj7Wi2CdpKCmFIaTZK3fI93Mp3Pf5et8=

=Hyo+

—–END PGP SIGNATURE—–