Heap-based Buffer Overflow in SMA100 Series Web Interface by SonicWall
CVE-2025-40597

7.5 HIGH

Key Information:

Vendor: SonicWall
CVE Published: 23 July 2025

What is CVE-2025-40597?

A vulnerability in the SMA100 series web interface permits an unauthenticated remote attacker to exploit a heap-based buffer overflow. This issue can lead to Denial of Service (DoS) conditions and could potentially enable the execution of arbitrary code, making it critical for users of impacted products to ensure timely updates and mitigations.

Affected Version(s)

SMA 100 Series Linux 10.2.1.15-81sv and earlier versions

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sina Kheirkhah