Reflected XSS Vulnerability in SMA100 Series Web Interface by SonicWall
CVE-2025-40598

6.1MEDIUM

Key Information:

Vendor: Sonicwall
Status: Sma 100 Series
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-40598?

A reflected cross-site scripting (XSS) vulnerability has been identified in the web interface of the SMA100 series. This security flaw allows remote unauthenticated attackers to execute arbitrary JavaScript code in the browsers of users who visit a maliciously crafted URL. This may lead to data theft, session hijacking, or further exploitation of the affected systems.

Affected Version(s)

SMA 100 Series Linux 10.2.1.15-81sv and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Sina Kheirkhah