Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series
CVE-2025-40599

9.1 CRITICAL

Key Information:

Vendor: SonicWall
CVE Published: 23 July 2025

What is CVE-2025-40599?

An arbitrary file upload vulnerability exists in the web management interface of the SonicWall SMA 100 series. The flaw allows a remote attacker with administrative privileges to upload arbitrary files, potentially leading to remote code execution. Organizations using the SMA 100 Series are advised to evaluate their security posture and take the necessary measures to mitigate this risk.

Affected Version(s)

SMA 100 Series Linux 10.2.1.15-81sv and earlier versions

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dawid Skomski of SonicWall PSIRT