Server-Side Request Forgery Vulnerability in SMA1000 Appliance by SonicWall
CVE-2025-2170

7.2HIGH

Key Information:

Vendor: Sonicwall
Status: Sma1000
Vendor: CVE Published:; 30 April 2025

What is CVE-2025-2170?

A Server-side Request Forgery (SSRF) vulnerability has been detected in the SMA1000 Appliance Work Place interface. Under specific conditions, this vulnerability can be exploited by a remote, unauthenticated attacker, allowing them to direct the appliance to send requests to unintended locations outside of its intended communication. This may lead to unauthorized data access or exposure to further attacks, highlighting the importance of securing network environments and maintaining regular updates.

Affected Version(s)

SMA1000 Linux 12.4.3-02907 (platform-hotfix) and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025

Sonicwall

What is CVE-2025-2170?

Affected Version(s)

References

CVSS V3.1

Timeline