Warning: Multiple vulnerabilities in SonicWall SMA100 SSL-VPN can be chained to fully compromise the device, Patch Immediately!

Published: 08/05/2025
  • Last update: 08/05/2025
  • Affected software:
    → SonicWall SMA100 SSL-VPN 10.2.1.14-75sv and earlier versions.
  • Type: Authenticated Remote Attack
  • CVE/CVSS
    → CVE-2025-32819: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
    → CVE-2025-32820: CVSS 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)
    → CVE-2025-32821: CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H)

Sources

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011

Risks

Successful exploitation of vulnerabilities in SonicWall SMA100 SSL-VPN (CVE-2025-32819, CVE-2025-32820, CVE-2025-32821) could allow remote authenticated attackers to delete arbitrary files, inject path traversal sequences to write to arbitrary directories, or perform remote command injection, potentially compromising the entire device.

These vulnerabilities have a significant impact on confidentiality, integrity, and availability.

There is no evidence that a public proof-of-concept exists. There is no evidence of active exploitation at the moment.

Description

Exploitation of vulnerabilities in SonicWall SMA100 SSL-VPN (CVE-2025-32819, CVE-2025-32820, CVE-2025-32821) allows remote authenticated attackers to:
→ Delete arbitrary files, potentially resetting the device (CVE-2025-32819).
→ Write to any directory on the appliance, compromising its integrity (CVE-2025-32820).
→ Inject shell commands, enabling arbitrary file uploads and further system compromise (CVE-2025-32821).
→ Escalate privileges, taking full control of the device.
→ Install malware for persistent access.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
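
To prioritise patching, an appliance inventory can be triaged against the affected range stated above. The following is an added example, not code from SonicWall or the CCB; it assumes firmware strings follow the shape of the version quoted in this advisory (four dotted numbers, a dash, a build number, `sv`), and the hostnames and inventory are constructed.

```python
import re

# Highest affected release, taken from this advisory.
LAST_AFFECTED = "10.2.1.14-75sv"

# Assumed shape: four dotted integers, a dash, a build number, optional "sv".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)(?:sv)?\s*$", re.IGNORECASE
)


def parse_version(text):
    """Return a comparable 5-tuple of ints, or None if the string does not match."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """Return 'affected', 'newer' or 'unknown' for one firmware string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # an unparseable version is never treated as safe
    # Integer tuples compare numerically, so 10.2.1.9 sorts before 10.2.1.14
    # (a plain string comparison would get this wrong).
    if v <= parse_version(LAST_AFFECTED):
        return "affected"
    return "newer"  # above the advisory's range; confirm against the vendor notice


def triage(inventory):
    """Return (host, version, status) rows: affected first, then unknown, then newer."""
    order = {"affected": 0, "unknown": 1, "newer": 2}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = {
    "vpn-bru-01": "10.2.1.14-75sv",
    "vpn-bru-02": "10.2.1.9-57sv",
    "vpn-ant-01": "10.2.1.14-76sv",
    "vpn-lab-01": "unknown (SNMP timeout)",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{status:9} {host:11} {ver}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed patched.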

Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32819
https://nvd.nist.gov/vuln/detail/CVE-2025-32820
https://nvd.nist.gov/vuln/detail/CVE-2025-32821