SonicWall warns of Critical RCE vulnerability on SMA 100 VPN

Information
SonicWall is a company specializing in network security, providing both hardware and software solutions to help protect organizations from cyber threats such as viruses, malware, hacking, and unauthorized system access.
Incident
SonicWall has issued a security advisory urging users of SMA 100 series devices to immediately install the latest patch to fix a critical vulnerability that allows attackers to upload malicious files via the device's web interface and execute code remotely (Remote Code Execution). The vulnerability is tracked as CVE-2025-40599 and stems from a flaw in the web management interface that allows users with administrator privileges to upload arbitrary files to the system. The affected devices are limited to the SMA 210, SMA 410, and SMA 500v; the SMA 1000 series and the SSL-VPN functionality on firewall devices are not affected. Although there have been no confirmed reports of exploitation at this time, SonicWall has warned that attackers are beginning to target SMA 100 series devices using stolen user credentials to gain access to systems.
Recommendation
- Immediately apply the latest patches for both physical and virtual SMA 100 appliances.
- Inspect both virtual and hardware SMA 100 devices for any evidence of unauthorized access or unusual activity in the event logs.
- Contact SonicWall support immediately if any suspicious behavior is detected.
- Restrict external access to the management interface.
- Reset all passwords and reconfigure OTP for both regular users and administrators.
- Enable Multi-Factor Authentication (MFA).
- It is recommended to activate the Web Application Firewall (WAF) for an additional layer of security.
Security systems matter: keep paying attention to them and monitoring them as a matter of routine.
Weekly Interesting CVE

| NO. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2025-7918 | 21/07/2025 | 21/07/2025 | WinMatrix Web version 1.2.39.5 | SQL Injection | 9.8 | The WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | Update to version 1.3.1 | |
| 2 | CVE-2025-7344 | 08/07/2025 | 21/07/2025 | Digiwin EAI | Privilege Escalation | 8.8 | The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API. | Update to the latest version | |
| 3 | CVE-2025-5024 | 21/05/2025 | 21/07/2025 | Red Hat Enterprise 8, 9, 10 | Resource Exhaustion | 7.4 | A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd. | Update to the latest patch | https://app.opencve.io/cve/CVE-2025-5024 |
| 4 | CVE-2025-49746 | 18/05/2025 | 18/05/2025 | Azure Machine Learning | Privilege Escalation | 9.9 | Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | Update to the latest patch | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49746 |
| 5 | CVE-2025-36097 | 16/05/2025 | 17/05/2025 | IBM WebSphere Application Server | Stack-based Buffer Overflow | 7.5 | IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service caused by a stack-based overflow. An attacker can send a specially crafted request that causes the server to consume excessive memory resources. | WebSphere Application Server Liberty 17.0.0.3 to 25.0.0.7: upgrade to 25.0.0.8 or higher | https://www.ibm.com/support/pages/node/7239856 |
Malware News or Campaign IOC/IOA

| No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | Attacks with Squid Loader malware hit Hong Kong finance orgs | 17/07/2025 | Phishing, Malware | Threat actors leveraged Mandarin spear-phishing emails spoofing financial organizations, carrying an invoice-themed RAR archive that contains a PE binary impersonating a Microsoft Word file; the binary executes SquidLoader, a report from Trellix revealed. Aside from unpacking itself to decrypt its internal payload and using obfuscated code to resolve critical Windows APIs, SquidLoader also builds a stack-based structure for operational data storage and runs various routines to evade analysis tools before retrieving a Cobalt Strike beacon from a remote command-and-control server. While the campaign has primarily targeted Hong Kong, other SquidLoader samples suggest potentially ongoing intrusions in Australia and Singapore. Organizations have been urged to bolster behavioral analysis, endpoint tracking, and email filtering measures to better combat the threat posed by SquidLoader. | |
05 August 2025