
Description

A reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-23 | Updated 2025-07-29 | Assigner sonicwall

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status: unknown

10.2.1.15-81sv and earlier versions: affected

Credits

Sina Kheirkhah (finder)

References

labs.watchtowr.com/...596-cve-2025-40597-and-cve-2025-40598/ (exploit)

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012 (vendor-advisory)

cve.org (CVE-2025-40598)

nvd.nist.gov (CVE-2025-40598)
