SonicWall’s Product Security Incident Response Team (PSIRT) has released a critical update for its SMA1000 series appliances due to a Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-2170, with a CVSS base score of 7.2.
The flaw in the SMA1000 appliances’ WorkPlace interface allows unauthenticated remote attackers to send unauthorized outbound requests to any destination under specific conditions.
By infosecbulletin
/ Friday , May 2 2025
Microsoft is focusing on eliminating password-based authentication, promoting passwordless sign-in and sign-up methods instead. For the past decade, Microsoft has...
Read More
By infosecbulletin
/ Friday , May 2 2025
SonicWall's Product Security Incident Response Team (PSIRT) has released a critical update for its SMA1000 series appliances due to a...
Read More
By infosecbulletin
/ Thursday , May 1 2025
On April 29, 2025, SonicWall announced that two previously disclosed vulnerabilities in its SMA 100 Series appliances are being actively...
Read More
By infosecbulletin
/ Thursday , May 1 2025
Commvault confirmed that a sophisticated cyberattack exploiting a zero-day vulnerability breached its Azure cloud environment earlier this week. On February...
Read More
By infosecbulletin
/ Thursday , May 1 2025
Indian Pimpri Chinchwad police's cyber cell is looking into a complaint where a hacker demanded $80,000 (over Rs 68 lakh)...
Read More
By infosecbulletin
/ Thursday , May 1 2025
This week, Apple notified several individuals it believes were targeted by government spyware, according to two of those individuals. As...
Read More
By infosecbulletin
/ Wednesday , April 30 2025
Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database with 520,054 records from an event ticket resale platform and reported it...
Read More
By infosecbulletin
/ Wednesday , April 30 2025
Banglalink, the country’s leading digital operator, has launched bCloud, its very own cloud service brand aimed at delivering world-class cloud...
Read More
By infosecbulletin
/ Wednesday , April 30 2025
Security vulnerabilities in Apple's AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including...
Read More
By infosecbulletin
/ Tuesday , April 29 2025
A recent increase in cyber reconnaissance has endangered thousands of organizations, as GreyNoise, a global threat intelligence platform, reported a...
Read More
“A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location,” the advisory reads.
This vulnerability can be used to bypass access controls, scan internal networks, or extract data from restricted internal services.
Only the SonicWall SMA1000 series appliances are affected; SonicWall Firewalls and SMA 100 series are not impacted.
“SonicWall PSIRT strongly advises users of the SMA1000 product to upgrade to the latest hotfix release version to address the vulnerability,” the advisory warns.
The recommended patch can be found on MySonicWall, SonicWall’s customer portal.
Ransomware Attack On Biopharma : Hacker seeks $80k