SonicWall SMA 100 Vulnerabilities Allow Arbitrary JavaScript Code Execution

SonicWall has released security patches to address three serious vulnerabilities affecting its SMA100 series SSL-VPN appliances, including two buffer overflow flaws that could potentially allow attackers to execute malicious code on unpatched systems.

The vulnerabilities, disclosed on July 23, 2025, affect popular enterprise security devices used by organizations worldwide to provide secure remote access to their networks.

Critical Buffer Overflow Vulnerabilities Discovered

The most severe issues involve pre-authentication buffer overflow vulnerabilities that could be exploited by remote attackers without requiring any credentials.

CVE-2025-40596, a stack-based buffer overflow, and CVE-2025-40597, a heap-based buffer overflow, both carry CVSS scores of 7.3 out of 10, indicating high severity.

These vulnerabilities exist in the web interface of SMA100 series appliances and could potentially allow attackers to cause denial-of-service conditions or execute arbitrary code.

Security researcher Sina Kheirkhah of watchTowr is credited with discovering these critical flaws.

The vulnerabilities affect the SMA 210, 410, and 500V models running firmware version 10.2.1.15-81sv and earlier.

Additional Cross-Site Scripting Flaw

Along with the buffer overflow issues, SonicWall also patched CVE-2025-40598, a reflected cross-site scripting (XSS) vulnerability with a CVSS score of 6.3.

This flaw could allow unauthenticated attackers to execute arbitrary JavaScript code in users’ browsers, potentially leading to session hijacking or credential theft.

The XSS vulnerability requires user interaction, making it less severe than the buffer overflow flaws, but it still represents a significant security risk for organizations using affected appliances.

SonicWall strongly recommends that users upgrade to firmware version 10.2.2.1-90sv or higher to address these vulnerabilities.

The company emphasizes that there is currently no evidence of active exploitation in the wild, providing organizations with a window to implement patches before potential attacks occur.

For organizations that cannot immediately patch, SonicWall recommends enabling multi-factor authentication as a protective measure.

The company notes that MFA provides valuable protection against credential theft and represents a fundamental security best practice.

Additionally, enabling the Web Application Firewall (WAF) feature on SMA100 appliances can provide an extra layer of protection.

Enterprise Impact Considerations

The SMA100 series represents a significant portion of SonicWall’s SSL-VPN product line, making these vulnerabilities particularly concerning for enterprise security teams.

SSL-VPN appliances serve as critical gateway devices that provide remote access to corporate networks, making them attractive targets for cybercriminals and nation-state actors.

SonicWall confirmed that its SMA1000 series products and SSL-VPN functionality running on SonicWall firewalls are not affected by these particular vulnerabilities, limiting the scope of potential impact to the SMA100 series specifically.

Organizations using affected SMA100 appliances should prioritize applying the security updates to prevent potential compromise of their remote access infrastructure.
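
To prioritize patching across a fleet, the affected models and the two firmware versions named above can be turned into a triage check. This is an added example, not SonicWall code: the version format is inferred from the two version strings in this article, and the host names, inventory rows and status labels are constructed for illustration.

```python
import re

# Values stated in the article.
AFFECTED_MODELS = {"SMA210", "SMA410", "SMA500V"}
LAST_AFFECTED = "10.2.1.15-81sv"
FIRST_FIXED = "10.2.2.1-90sv"

# Assumed format: dotted numbers, a dash, a build number, the suffix "sv".
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)sv$")


def parse_version(text):
    """Turn '10.2.1.15-81sv' into a comparable key ((10, 2, 1, 15), 81)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2))


def triage(model, firmware):
    """Return 'affected', 'fixed', 'verify', 'unparsed' or 'not-listed'."""
    normalized = "".join(model.upper().split())  # 'sma 500v' -> 'SMA500V'
    if normalized not in AFFECTED_MODELS:
        return "not-listed"  # e.g. SMA1000 series, which the article excludes
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unparsed"  # needs a manual look at the appliance
    if version <= parse_version(LAST_AFFECTED):
        return "affected"
    if version >= parse_version(FIRST_FIXED):
        return "fixed"
    return "verify"  # between the two versions the article names


# Constructed sample inventory: (host, model, firmware). Not real hosts.
INVENTORY = [
    ("vpn-a", "SMA 210", "10.2.1.15-81sv"),
    ("vpn-b", "SMA 410", "10.2.2.1-90sv"),
    ("vpn-c", "sma 500v", "10.2.1.0-1sv"),
    ("vpn-d", "SMA 410", "10.2.1.16-1sv"),
    ("vpn-e", "SMA1000-series", "n/a"),
    ("vpn-f", "SMA 210", "unknown"),
]


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "verify" or "unparsed" run a build the article does not classify, so check them against the vendor advisory rather than assuming either state.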


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
