CVE-2025-32820

Description

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Affected products

SonicWall / SMA10010.2.1.14-75sv and earlier versions – 10.2.1.14-75sv and earlier versions

References

VENDOR_ADVISORYhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011