Server-Side Request Forgery Vulnerability in SMA1000 Appliance Work Place Interface by SonicWall
CVE-2025-40595

7.2HIGH

Key Information:

Vendor: Sonicwall
Status: Sma1000
Vendor: CVE Published:; 14 May 2025

What is CVE-2025-40595?

A server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, allowing remote attackers to leverage encoded URLs. This flaw may enable unauthorized requests to be sent to unintended locations, potentially leading to data leakage or exposure of internal services.

Affected Version(s)

SMA1000 Linux 12.4.3-02925 (platform-hotfix) and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
Apr 16, 2025

Sonicwall

What is CVE-2025-40595?

Affected Version(s)

References

CVSS V3.1

Timeline