SonicWall Patches Critical Vulnerabilities in SMA 100 Series Appliances

SonicWall has released security updates for its Secure Mobile Access (SMA) 100 series appliances, addressing three vulnerabilities that could be exploited by attackers to achieve remote code execution, SecurityWeek reports. The most severe of these, CVE-2025-32819, carries a CVSS score of 8.8 and stems from an arbitrary file deletion issue. Exploitation requires authentication, but successful abuse could reset affected appliances to factory settings—posing a significant disruption to remote access infrastructure.

Rapid7, which has been monitoring the issue, says CVE-2025-32819 may be a bypass of a previous 2021 fix and appears to have been used in active exploitation. The vulnerability allows low-privilege users to delete arbitrary files as root by bypassing path traversal checks, potentially escalating privileges to administrator. While SonicWall’s advisory does not confirm active exploitation, Rapid7’s investigation suggests the flaw has been seen in the wild.

Two additional flaws—CVE-2025-32820 and CVE-2025-32821—further widen the attack surface. The former enables path traversal that can make arbitrary directories writable, possibly leading to denial-of-service conditions. The latter allows shell command injection to upload attacker-controlled files anywhere on the system. Together, these bugs can be chained to gain root-level access, create persistent backdoors, or exfiltrate sensitive system data. SonicWall has urged its customers using SMA 200, 210, 400, 410, and 500v appliances to immediately apply the patched software version 10.2.1.15-81sv.