CVE-2025-40599 | THREATINT

Description

An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-23 | Updated 2025-07-25 | Assigner sonicwall

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status

unknown

10.2.1.15-81sv and earlier versions

affected

Credits

Dawid Skomski of SonicWall PSIRT finder

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014 vendor-advisory

cve.org (CVE-2025-40599)

nvd.nist.gov (CVE-2025-40599)

Download JSON