[CIVN-2025-0161] Multiple Vulnerabilities in SonicWall
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
SonicOS SMA100 series products (SMA 210, 410, and 500v) prior to version 10.2.2.1-90sv
Overview
Multiple vulnerabilities have been reported in SonicWall products, which could be exploited by an attacker to execute arbitrary code, perform denial-of-service (DoS), or cross-site scripting (XSS) attacks on the targeted system.
Target Audience:
All end-users of organizations using SonicWall SMA100 series products.
Risk Assessment:
High risk of information disclosure and service disruption.
Impact Assessment:
Potential for unauthorized code execution, data theft, and system instability.
Description
Multiple vulnerabilities exist in SonicWall SMA100 series products due to stack-based buffer overflow, heap-based buffer overflow, and improper neutralization of input during web page generation.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, trigger denial-of-service conditions, or launch cross-site scripting (XSS) attacks on the affected system.
Solution
Apply the appropriate updates as mentioned in the SonicWall Security Bulletin.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012
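One way to triage an appliance inventory against the fixed release named above. This is an added example, not part of the CERT-In or SonicWall text. The CSV layout, host names and sample firmware strings are constructed, and ordering versions by their dotted fields and then by the build number before "sv" is an assumption about the version scheme.

```python
import csv
import io
import re

FIXED = "10.2.2.1-90sv"                               # fixed release from the advisory
AFFECTED_MODELS = {"SMA 210", "SMA 410", "SMA 500V"}  # models from the advisory
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)sv$", re.IGNORECASE)

def parse_version(text):
    """'10.2.2.1-90sv' -> ((10, 2, 2, 1), 90); raises ValueError if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    # Assumed ordering: dotted fields first, then the build number.
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def triage(inventory_csv):
    """Map host -> 'update', 'ok', 'not-in-scope' or 'review'."""
    fixed = parse_version(FIXED)
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"]
        if row["model"].strip().upper() not in AFFECTED_MODELS:
            results[host] = "not-in-scope"
            continue
        try:
            current = parse_version(row["firmware"])
        except ValueError:
            # Unparseable string: check by hand, never assume it is patched.
            results[host] = "review"
            continue
        results[host] = "update" if current < fixed else "ok"
    return results

# Constructed sample inventory (hypothetical hosts and firmware strings).
SAMPLE = """\
host,model,firmware
vpn-a.example.internal,SMA 410,10.2.1.15-81sv
vpn-b.example.internal,SMA 210,10.2.2.1-90sv
vpn-c.example.internal,SMA 500v,10.2.2.1-89sv
vpn-d.example.internal,SMA 210,unknown
gw-e.example.internal,OTHER-GW,1.0.0.0-1sv
"""

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```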
Vendor Information
SonicWall
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012
References
SonicWall
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012
CVE Name
CVE-2025-40596
CVE-2025-40597
CVE-2025-40598
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003