Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices

While attackers would need admin privileges for CVE-2025-40599 successful exploitation and SonicWall has yet to find evidence that this vulnerability is being actively exploited, it still warned customers to secure their devices, as SMA 100 appliances are already being targeted in attacks using compromised credentials. SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. In May, the company prompted customers to patch three security vulnerabilities (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821) that could be chained to gain remote code execution as root, one of which was tagged as exploited in attacks. The security flaw (tracked as CVE-2025-40599) is caused by an unrestricted file upload weakness in the devices' web management interfaces, which can allow remote threat actors with administrative privileges to upload arbitrary files to the system. SonicWall 'strongly' advised customers using SMA 100 virtual or physical appliances to check them for indicators of compromise (IoCs) from GTIG's report by checking for unauthorized access and reviewing appliance logs and connection history for suspicious activity. Earlier this year, SonicWall flagged other security vulnerabilities exploited in attacks targeting its Secure Mobile Access (SMA) appliances. As Google Threat Intelligence Group (GTIG) researchers warned last week, an unknown threat actor, tracked as UNC6148, has been deploying a new rootkit malware called OVERSTEP on fully patched SonicWall SMA 100 Series devices. One month earlier, SonicWall tagged another SMA100 flaw (CVE-2021-20035) as exploited in remote code execution attacks since at least January 2025. While investigating these attacks, the investigators found evidence suggesting that the threat actor had stolen the credentials for the targeted appliance in January by exploiting multiple vulnerabilities (CVE-2021-20038, CVE-2024-38475, CVE-2021-20035, CVE-2021-20039, CVE-2025-32819). To secure their devices, users should limit remote management access on external interfaces, reset all passwords, and reinitialize OTP (One-Time Password) binding for both users and administrators.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 24 Jul 2025 11:20:18 +0000

Cyber News related to SonicWall urges admins to patch critical RCE flaw in SMA 100 devices

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2022-49069 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices - While attackers would need admin privileges for CVE-2025-40599 successful exploitation and SonicWall has yet to find evidence that this vulnerability is being actively exploited, it still warned customers to secure their devices, as SMA 100 ...
1 month ago Bleepingcomputer.com CVE-2025-40599

SonicWall SMA VPN devices targeted in attacks since January - A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. Days after SonicWall tagged the security ...
4 months ago Bleepingcomputer.com CVE-2021-20035

SonicWall OS Command Injection Vulnerability Exploited in the Wild - “During further analysis, SonicWall and trusted security partners identified that ‘CVE-2023-44221 – Post Authentication OS Command Injection’ vulnerability is potentially being exploited in the wild,” SonicWall stated in ...
4 months ago Cybersecuritynews.com CVE-2023-44221

Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks - Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks. These appliances are affected by two DoS ...
1 year ago Bleepingcomputer.com CVE-2022-22274 CVE-2023-0656

178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks - Two unauthenticated denial-of-service vulnerabilities are threatening the security of SonicWall next-generation firewall devices, exposing more than 178,000 of them to both DoS as well as remote code execution attacks. SonicWall products affected are ...
1 year ago Darkreading.com CVE-2022-22274 CVE-2023-0656

15 Best Patch Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive patch management for various operating systems, applications, and third-party software.It is complex for new users and requires time and training to utilize its functionalities fully.Advanced analytics ...
5 months ago Cybersecuritynews.com

SonicWall SMA1000 Vulnerability Let Attackers to Exploit Encoded URLs To Gain Internal Systems Access Remotely - SonicWall has issued a high-priority security advisory (SNWLID-2025-0010) revealing a critical Server-Side Request Forgery (SSRF) vulnerability in its SMA1000 Appliance Work Place interface. Discovered by security researcher Ronan Kervella of ...
3 months ago Cybersecuritynews.com

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications - During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able to recover the LUKS decryption key by leveraging ...
1 year ago Securityboulevard.com

178,000 SonicWall firewalls are vulnerable to old DoS bugs The Register - More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims. A study by Jon Williams, senior security engineer at Bishop Fox, this week highlights what he refers to as weapons-grade patch ...
1 year ago Go.theregister.com CVE-2022-22274 CVE-2023-0656

SonicWall Accelerates SASE Offerings; Acquires Proven Cloud Security Provider - PRESS RELEASE. MILPITAS, Calif. - January 3, 2024 - SonicWall, a global cybersecurity leader, today announced the acquisition of Banyan Security, a leading provider of security service edge solutions for the modern workforce. This acquisition ...
1 year ago Darkreading.com

SonicWall SMA 100 Vulnerabilities Let Attackers Execute Arbitrary JavaScript Code - Currently, SonicWall reports no evidence of active exploitation in the wild, though the pre-authentication nature of these flaws makes immediate patching essential for maintaining network security posture. The vulnerabilities affect SMA 210, 410, and ...
1 month ago Cybersecuritynews.com

CISA Warns of SonicWall Command Injection Vulnerability Exploited in Wild - On April 16, 2025, CISA added CVE-2021-20035, a command injection vulnerability affecting SonicWall SMA100 appliances, to its Known Exploited Vulnerabilities (KEV) Catalog after confirming evidence of active exploitation in the wild. “This ...
4 months ago Cybersecuritynews.com CVE-2021-20035

180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE - The majority of internet-exposed SonicWall next-generation firewall series 6 and 7 devices have not been patched against two potentially serious vulnerabilities, cybersecurity firm Bishop Fox reports. The issues, tracked as CVE-2022-22274 and ...
1 year ago Securityweek.com CVE-2022-22274 CVE-2023-0656

VMware urges admins to remove deprecated, vulnerable auth plug-in - VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced ...
1 year ago Bleepingcomputer.com CVE-2024-22245 CVE-2024-22250

SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
6 months ago Cybersecuritynews.com CVE-2024-53704 Akira

Fortinet warns of critical RCE bug in endpoint management software - Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server software that can allow attackers to gain remote code execution on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an ...
1 year ago Bleepingcomputer.com CVE-2023-48788 CVE-2024-21762 Volt Typhoon

SonicWall Alerts that Web Content Filtering is Not Working Properly on Windows 11 22H2 - Today, security hardware manufacturer SonicWall alerted customers of a limitation of the web content filtering feature on Windows 11, version 22H2 systems. SonicWall's Capture Client is a security solution for Windows and macOS that has Endpoint ...
2 years ago Bleepingcomputer.com

SonicWall: SMA100 VPN vulnerabilities now exploited in attacks - In January, SonicWall urged admins to patch a critical flaw in SMA1000 secure access gateways that was being exploited in zero-day attacks, and one month later warned of an actively exploited authentication bypass flaw in Gen 6 and Gen 7 firewalls ...
4 months ago Bleepingcomputer.com CVE-2021-20035

JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns - The report provides updated survey results and new findings to the company's biannual SME IT Trends Report, which was first released in June 2021. The latest edition of the report delves into the impact of artificial intelligence on identity ...
1 year ago Darkreading.com

Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OfBiz, an open source ERP system with what researchers described as a surprisingly wide ...
1 year ago Go.theregister.com CVE-2023-51467 CVE-2023-49070

Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OFBiz, an open source ERP system with what researchers described as a surprisingly wide ...
1 year ago Packetstormsecurity.com CVE-2023-51467 CVE-2023-49070

US Health Dept urges hospitals to patch critical Citrix Bleed bug - The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. Ransomware gangs are already using Citrix Bleed to breach their targets' networks ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit

20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
5 months ago Cybersecuritynews.com

SonicWall SMA100 OS Command Injection Vulnerability Exploited in Wild - CISA has added the SonicWall SMA100 OS Command Injection Vulnerability, tracked as CVE-2023-44221, to its Known Exploited Vulnerabilities (KEV) catalog. While specific exploitation details remain limited, security firm watchTowr reported on May 1 ...
4 months ago Cybersecuritynews.com CVE-2023-44221