Critical security vulnerabilities affecting SonicWall SMA 100 series SSL-VPN appliances could allow remote attackers to execute arbitrary JavaScript code and potentially achieve code execution without authentication.
The vulnerabilities affect SMA 210, 410, and 500v models running firmware version 10.2.1.15-81sv and earlier, exposing organizations to significant security risks.
Key Takeaways
1. SonicWall SMA 100 series has three vulnerabilities enabling remote code execution without authentication.
2. Upgrade to firmware 10.2.2.1-90sv or higher immediately.
3. Use multi-factor authentication and Web Application Firewall until patched.
Buffer Overflow and XSS Vulnerabilities
The security advisory reveals three distinct vulnerabilities with varying severity levels. CVE-2025-40596 represents a pre-authentication stack-based buffer overflow vulnerability in the SMA100 series web interface, classified under CWE-121 with a CVSS score of 7.3.
This flaw enables remote, unauthenticated attackers to cause Denial of Service (DoS) conditions or potentially execute arbitrary code on affected systems.
Similarly, CVE-2025-40597 exposes a heap-based buffer overflow vulnerability, categorized under CWE-122, also carrying a CVSS score of 7.3.
Both buffer overflow vulnerabilities share the same CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, indicating network-based attacks with low complexity requirements and no authentication prerequisites.
The third vulnerability, CVE-2025-40598, presents a reflected cross-site scripting (XSS) flaw classified under CWE-79 with a CVSS score of 6.3.
This vulnerability allows remote unauthenticated attackers to execute arbitrary JavaScript code, though it requires user interaction as indicated by its CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L.
| CVE | Title | CVSS 3.1 Score | Severity |
| --- | --- | --- | --- |
| CVE-2025-40596 | Pre-Authentication Stack-Based Buffer Overflow Vulnerability | 7.3 | High |
| CVE-2025-40597 | Pre-Authentication Heap-Based Buffer Overflow Vulnerability | 7.3 | High |
| CVE-2025-40598 | Reflected Cross-Site Scripting (XSS) Vulnerability | 6.3 | Medium |
Mitigations
SonicWall strongly recommends immediate upgrading to firmware version 10.2.2.1-90sv or higher to address these vulnerabilities.
The company emphasizes that SonicWall SSL VPN SMA1000 series products and SSL-VPN functionality on SonicWall firewalls remain unaffected by these security flaws.
As interim security measures, SonicWall advises enabling multi-factor authentication (MFA) as a crucial safeguard against credential theft, whether implemented directly on the appliance or through organizational directory services.
Additionally, organizations should activate the Web Application Firewall (WAF) feature on SMA100 devices to provide additional protection layers.
Security researcher Sina Kheirkhah from watchTowr has been credited with discovering these vulnerabilities.
Currently, SonicWall reports no evidence of active exploitation in the wild, though the pre-authentication nature of these flaws makes immediate patching essential for maintaining network security posture.
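An added example, not from SonicWall or the original article: a Python triage of an appliance inventory against the affected models and firmware versions stated above. The inventory rows and hostnames are constructed, the `A.B.C.D-NNsv` pattern is inferred from the two version strings in the text, and versions that fall between the last affected and first fixed releases are flagged for manual verification because the text does not classify them.

```python
import re

# Values taken from the advisory text above.
AFFECTED_MODELS = {"210", "410", "500v"}   # SMA 100 series models named in the text
LAST_AFFECTED = "10.2.1.15-81sv"           # this version and earlier are affected
FIRST_FIXED = "10.2.2.1-90sv"              # this version or higher is fixed

# Assumed pattern, inferred from the two version strings above.
_FW = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$", re.IGNORECASE)
_MODEL = re.compile(r"^sma\s*-?\s*(\w+)$", re.IGNORECASE)


def parse_firmware(text):
    """Return a sortable 5-int tuple for 'A.B.C.D-NNsv', or None if malformed."""
    m = _FW.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(model, firmware):
    """Classify one appliance: 'vulnerable', 'patched', 'verify' or 'not-listed'."""
    m = _MODEL.match(model.strip())
    if not m or m.group(1).lower() not in AFFECTED_MODELS:
        return "not-listed"      # model is not one the advisory names as affected
    fw = parse_firmware(firmware)
    if fw is None:
        return "verify"          # unreadable version string: check by hand
    if fw <= parse_firmware(LAST_AFFECTED):
        return "vulnerable"
    if fw >= parse_firmware(FIRST_FIXED):
        return "patched"
    return "verify"              # between the two stated versions: text is silent


# Constructed inventory rows (hostname, model, firmware); not real devices.
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "SMA 410", "10.2.1.15-81sv"),
    ("vpn-edge-02", "SMA 210", "10.2.1.9-57sv"),
    ("vpn-lab-01", "SMA 500v", "10.2.2.1-90sv"),
    ("vpn-lab-02", "sma500v", "10.2.2.0-12sv"),
    ("vpn-dc-01", "SMA 6210", "12.4.3-00000"),
]

if __name__ == "__main__":
    for host, model, fw in SAMPLE_INVENTORY:
        print(f"{host:12} {model:9} {fw:16} {triage(model, fw)}")
```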
The post SonicWall SMA 100 Vulnerabilities Let Attackers Execute Arbitrary JavaScript Code appeared first on Cyber Security News.