CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 May 2025 — A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to an unintended location. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0010 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 7 • EXPL: 0

07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence to make any directory on the SMA appliance writable. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.0 • EPSS: 0% • CPEs: 7 • EXPL: 0

07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Apr 2025 — A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. • http://10.210.34.9/vuln-detail/SNWLID-2025-0008 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Apr 2025 — A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0009 • CWE-476: NULL Pointer Dereference •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Apr 2025 — An Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client results in unauthorized file overwrite, potentially leading to denial of service or file corruption. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exi... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0007 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2025 — An Improper Link Resolution Before File Access ('Link Following') vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows an attacker to manipulate file paths. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2025 — A local privilege escalation vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows an attacker to trigger an arbitrary file deletion. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 • CWE-250: Execution with Unnecessary Privileges •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2025 — An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 • CWE-250: Execution with Unnecessary Privileges •