QwikSec

Security Database

CVE

CWE

Training

CVE-2025-40599

Published: Jul 23, 2025

Modified: Jul 25, 2025

PUBLISHED

Description

An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.

Vendor	Product	Versions
SonicWall	SMA 100 Series	affected `10.2.1.15-81sv and earlier versions`

Weaknesses (CWE)

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.