Product Notice: SMA 1000 Series affected by Server-Side Request Forgery Vulnerability
Overview
- CVE-2025-2170: Server-Side Request Forgery – CVSS Score: 7.2 (High)
SonicWall Secure Mobile Access 1000 Series 12.4.3-02907, including earlier versions, is affected by this vulnerability.
IMPORTANT: SonicWall is not aware of active exploitation in the wild. There have not been any reports of malicious use of this vulnerability reported to SonicWall.
This vulnerability is unrelated to any other reported vulnerability on SonicOS SSL VPN or SMA 100 products.
Product Impact
Please review the table below to see the products and their versions that are impacted:
| Impacted Product(s) | Impacted Versions |
| SMA 1000 (6210, 7200, 7210, 8200v – all hypervisors) | 12.4.3-02907 and earlier versions |
Remediation
| Impacted Product(s) | Impacted Versions | Fixed Version |
| SMA 1000 (6210, 7200, 7210, 8200v – all hypervisors) | 12.4.3-02907 and earlier versions | 12.4.3-02925 (April hotfix) and higher versions |
SonicWall strongly advises Secure Mobile Access customers to upgrade to the latest release version.