CVE-2025-40599 is a critical vulnerability affecting SonicWall SMA 100 series appliances (SMA 210, 410, and 500v). This flaw is an authenticated arbitrary file upload vulnerability in the web management interface, which could allow a remote attacker with administrative privileges to upload malicious files and potentially achieve remote code execution.
Although SonicWall has stated that there is no current evidence of in-the-wild exploitation and that administrative credentials are required to exploit the flaw, the Google Threat Intelligence Group (GTIG) has highlighted potential risks. GTIG notes that these devices are already being targeted in attacks that use compromised credentials to deploy the new OVERSTEP rootkit malware.
Status
Research began today, August 4, 2025. Detections are expected by August 7, 2025.