Product Notice: SMA100 Post-Authentication Arbitrary File Upload Vulnerability

1753247388

Overview

CVE-2025-40599
CVSS score 9.1

An authenticated arbitrary file upload vulnerability has been identified in the SMA 100 series web management interface. A remote attacker with administrative priviliges could exploit this issue to upload arbitrary files to the system, which may result in remote code execution.

Product Impact

Please review the table below to see the products and their versions that are impacted:

Affected Product(s)	Affected Versions
SMA 100 Series (SMA 210, 410, 500v)	10.2.1.15-81sv and earlier versions.

NOTE: This vulnerability does not affect SonicWall SSL VPN SMA1000 series products or SSL-VPN running on SonicWall firewalls.

Workaround

None

Remedition

SonicWall strongly recommends that users of SMA 100 series products (SMA 210, 410, and 500v) upgrade to the specified fixed release version to mitigate these vulnerabilities.

Fixed Product(s)	Fixed Versions
SMA 100 Series (SMA 210, 410, 500v)	10.2.2.1-90sv and higher versions.

Related information

Previous Alert
June 5, 2025
Product Notice: SMA 1000 Series affected by Server-Side Request Forgery Vulnerability
Read More
Next Alert
August 22, 2025
Gen 7 and newer SonicWall Firewalls – SSLVPN Recent Threat Activity
Read More