SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code execution.
The vulnerabilities are listed below:
By infosecbulletin
/ Sunday , July 12 2026
Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
By infosecbulletin
/ Sunday , July 12 2026
Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
By infosecbulletin
/ Sunday , July 12 2026
A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
By infosecbulletin
/ Saturday , July 11 2026
CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
By infosecbulletin
/ Friday , July 10 2026
Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
By infosecbulletin
/ Friday , July 10 2026
A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
By infosecbulletin
/ Thursday , July 9 2026
A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
By infosecbulletin
/ Wednesday , July 8 2026
CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
By infosecbulletin
/ Wednesday , July 8 2026
A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
By infosecbulletin
/ Wednesday , July 8 2026
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CVE-2025-32819 (CVSS score: 8.8) : A vulnerability in SMA100 lets an authenticated remote attacker with SSL-VPN user access bypass checks and delete any file, which could cause the device to reset to factory default settings.
CVE-2025-32820 (CVSS score: 8.3): “A remote attacker with SSL-VPN user privileges can alter directory permissions on the SMA appliance.”
CVE-2025-32821 (CVSS score: 6.7): “A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN admin privileges to inject commands and upload a file to the appliance.”
“An attacker with access to an SMA SSL-VPN user account can chain these vulnerabilities to make a sensitive system directory writable, elevate their privileges to SMA administrator, and write an executable file to a system directory,” Rapid7 said in a report. “This chain results in root-level remote code execution.”
CVE-2025-32819 is seen as a way to bypass a fix for a previously found issue reported by NCC Group in December 2021.
Recent weeks have seen active exploitation of several security flaws in SMA 100 Series devices, including CVE-2021-20035, CVE-2023-44221, and CVE-2024-38475. Users should update to the latest version to ensure optimal protection.
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day