CVE-2025-40599 is a critical vulnerability affecting SonicWall SMA 100 series appliances (SMA 210, 410, and 500v). This flaw is an authenticated arbitrary file upload vulnerability in the web management interface, which could allow a remote attacker with administrative privileges to upload malicious files and potentially achieve remote code execution.
Although SonicWall has stated that there is no current evidence of in-the-wild exploitation and that administrative credentials are required to exploit the flaw, the Google Threat Intelligence Group (GTIG) has highlighted the risk. GTIG notes that these devices are already being targeted in attacks that use compromised credentials to deploy the new OVERSTEP rootkit.
What To Do
- Upgrade immediately: Ensure your SonicWall SMA appliances are updated to version 10.2.2.1-90sv or higher.
- Implement Enhanced Security: Enforce Multi-Factor Authentication (MFA) to reduce risks associated with credential compromise.
- Monitor Activity: Review logs carefully for indicators of compromise or unusual activity.
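To act on the upgrade step across a fleet, a defender needs to compare each appliance's firmware string against the fixed release. The following is an added example, not SonicWall's or the advisory's own tooling; it assumes SMA 100 firmware strings have the form `major.minor.patch.hotfix-<build>sv` and that every field compares numerically, and the inventory rows are constructed sample data.

```python
import re

# Fixed release named in the advisory for CVE-2025-40599.
FIXED_VERSION = "10.2.2.1-90sv"
# Affected models named in the advisory.
AFFECTED_MODELS = {"SMA 210", "SMA 410", "SMA 500v"}

# Assumption: four dotted integers, a dash, a numeric build and a literal "sv".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(version: str) -> tuple:
    """Turn '10.2.2.1-90sv' into (10, 2, 2, 1, 90) so tuples compare in order."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SMA firmware version: {version!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(version: str) -> bool:
    """True when the firmware is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage(inventory):
    """Classify (host, model, version) rows; unparsable versions are flagged, not skipped."""
    results = []
    for host, model, version in inventory:
        if model not in AFFECTED_MODELS:
            status = "not in scope"
        else:
            try:
                status = "UPGRADE" if is_vulnerable(version) else "patched"
            except ValueError:
                status = "unknown version"
        results.append((host, model, version, status))
    return results


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("vpn-a.example", "SMA 410", "10.2.1.15-81sv"),   # older release
    ("vpn-b.example", "SMA 500v", "10.2.2.1-90sv"),   # exactly the fixed release
    ("vpn-c.example", "SMA 210", "10.2.2.0-100sv"),   # higher build, lower hotfix digit
    ("vpn-d.example", "SMA 210", "n/a"),              # unparsable string
    ("fw-e.example", "TZ 370", "7.0.1-5050"),         # different product line
]

if __name__ == "__main__":
    for host, model, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:16} {model:9} {version:16} {status}")
```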