- Last update: 08/05/2025
- Affected software:
→ SonicWall SMA100 SSL-VPN 10.2.1.14-75sv and earlier versions.
- Type: Authenticated Remote Attack
- CVE/CVSS
→ CVE-2025-32819: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-32820: CVSS 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)
→ CVE-2025-32821: CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011
Successful exploitation of vulnerabilities in SonicWall SMA100 SSL-VPN (CVE-2025-32819, CVE-2025-32820, CVE-2025-32821) could allow remote authenticated attackers to delete arbitrary files, inject path traversal sequences to write to arbitrary directories, or perform remote command injection, potentially compromising the entire device.
These vulnerabilities have a significant impact on confidentiality, integrity, and availability.
There is no evidence that a public proof-of-concept exists. There is no evidence of active exploitation at the moment.
UPDATE: 18 June 2025
This vulnerability was recently added to CISA's Known Exploited Vulnerabilities (KEV) catalog. In addition, multiple trusted partner sources have confirmed that it is being actively exploited in the wild by financially motivated threat actors.
We strongly recommend applying the necessary patches without delay, as successful exploitation could severely disrupt business operations and compromise the Confidentiality, Integrity, and Availability (CIA) of your systems.
Exploitation of vulnerabilities in SonicWall SMA100 SSL-VPN (CVE-2025-32819, CVE-2025-32820, CVE-2025-32821) allows remote authenticated attackers to:
→ Delete arbitrary files, potentially resetting the device (CVE-2025-32819).
→ Write to any directory on the appliance, compromising its integrity (CVE-2025-32820).
→ Inject shell commands, enabling arbitrary file uploads and further system compromise (CVE-2025-32821).
→ Escalate privileges, taking full control of the device.
→ Install malware for persistent access.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
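To help prioritise that patching, the following added example (not part of the CCB advisory or of any SonicWall tooling) flags inventory entries at or below the affected version listed above. The `major.minor.patch.rev-buildsv` version layout, the status names and the sample inventory are assumptions made for illustration.

```python
import re

# Highest affected firmware, taken from the advisory ("... and earlier versions").
LAST_AFFECTED = "10.2.1.14-75sv"

# Assumed layout: four dotted numbers, a dash, a build number, then "sv".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it does not parse."""
    match = _VERSION_RE.match(text.strip().lower())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'affected', 'not-listed' or 'unknown' for one firmware string."""
    version = parse_version(version_text)
    if version is None:
        # Fail closed: an unreadable version needs a manual check, not a pass.
        return "unknown"
    # Tuples compare numerically field by field, so 10.2.1.9 sorts before 10.2.1.14.
    return "affected" if version <= parse_version(LAST_AFFECTED) else "not-listed"


def triage(inventory):
    """Map each (hostname, firmware) pair to its classification."""
    return {host: classify(firmware) for host, firmware in inventory}


# Constructed sample inventory; hostnames and firmware strings are made up.
SAMPLE_INVENTORY = [
    ("vpn-a.example", "10.2.1.14-75sv"),  # boundary: the last affected build
    ("vpn-b.example", "10.2.1.9-57sv"),   # would sort wrongly as a plain string
    ("vpn-c.example", "10.2.1.14-76sv"),  # later build than the one listed
    ("vpn-d.example", "10.2.2.0-1sv"),
    ("vpn-e.example", "unknown"),         # inventory gap, needs manual review
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A `not-listed` result only means the version is above the range this advisory names; confirm the fixed release against the vendor advisory before closing the item.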
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
https://nvd.nist.gov/vuln/detail/CVE-2025-32819
https://nvd.nist.gov/vuln/detail/CVE-2025-32820
https://nvd.nist.gov/vuln/detail/CVE-2025-32821