SonicWall Patches Critical SMA Flaw (CVE-2025-40599) – Check Now

Summary
– SonicWall urges customers using SMA 100 Series devices (210, 410, 500v) to patch CVE-2025-40599, a vulnerability allowing remote code execution via the web management interface.
– Google discovered an ongoing six-month attack campaign targeting end-of-life SMA devices with the OVERSTEP backdoor, though the exploit method remains unclear.
– CVE-2025-40599 affects SMA 100 Series firmware versions 10.2.1.15-81sv and earlier, requiring an upgrade to v10.2.2.1-90sv or higher with no available workarounds.
– Before upgrading, users should check logs for compromise indicators, disable remote management, reset passwords, enforce MFA, and enable the web application firewall.
– The vulnerability does not impact SonicWall SSL VPN SMA1000 series or SSL-VPN on SonicWall firewalls.
SonicWall has issued an urgent security alert for users of its Secure Mobile Access (SMA) 100 Series devices, urging immediate action to address a critical vulnerability labeled CVE-2025-40599. The flaw poses serious risks, including potential remote code execution, and impacts SMA 210, 410, and 500v appliances running outdated firmware versions.
Though no active exploitation of CVE-2025-40599 has been confirmed, Google’s Threat Intelligence Group uncovered a six-month-long campaign targeting end-of-life SMA devices with the OVERSTEP backdoor. Attackers have been leveraging administrative access, possibly obtained through a zero-day exploit, to deploy malicious payloads. While it remains unclear whether CVE-2025-40599 was involved, the urgency to patch cannot be overstated.
The vulnerability stems from a weakness in the SMA 100 series web management interface, allowing attackers with admin privileges to upload arbitrary files. This could lead to full system compromise. Affected firmware versions include 10.2.1.15-81sv and earlier, with no temporary fixes available. The only solution is upgrading to firmware version 10.2.2.1-90sv or later.
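As an added example (not from the article and not a SonicWall tool), the script below parses SMA 100 Series firmware strings of the form shown in the advisory and triages an inventory: devices on 10.2.1.15-81sv or earlier are flagged as needing the patch, devices on 10.2.2.1-90sv or later are marked ok, and products outside the SMA 100 Series (such as the SMA1000, which the article says is unaffected) are left out of scope. The version layout (four dot-separated numbers, a hyphen, a build number and an "sv" suffix) is an assumption drawn from the two versions quoted on the page, and every hostname and firmware value in the sample inventory is constructed.

```python
import re
from typing import List, Tuple

# Firmware boundaries quoted in the advisory (values taken from the article).
LAST_AFFECTED = "10.2.1.15-81sv"
FIRST_FIXED = "10.2.2.1-90sv"

# Assumed version-string layout: four dot-separated numbers, a hyphen, a build
# number and the "sv" suffix, e.g. "10.2.1.15-81sv". Anything else is rejected
# so that a typo in an inventory sheet is reported rather than mis-sorted.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn an SMA 100 firmware string into a tuple of ints that compares correctly."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SMA firmware version: {version!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version: str) -> bool:
    """True when the firmware is 10.2.1.15-81sv or earlier (per the advisory)."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def is_fixed(version: str) -> bool:
    """True when the firmware is 10.2.2.1-90sv or later (per the advisory)."""
    return parse_version(version) >= parse_version(FIRST_FIXED)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Classify (hostname, model, firmware) entries.

    Returns (hostname, model, status) where status is one of:
      "patch-required"  SMA 210/410/500v at or below the last affected build
      "ok"              SMA 210/410/500v already on a fixed build
      "check-advisory"  SMA 210/410/500v between the two quoted builds; the
                        article says nothing about such versions, so flag them
      "unknown-version" SMA 210/410/500v whose version string does not parse
      "not-in-scope"    any other product (e.g. SMA1000, unaffected per the page)
    """
    in_scope = {"SMA 210", "SMA 410", "SMA 500v"}
    results = []
    for host, model, fw in inventory:
        if model not in in_scope:
            results.append((host, model, "not-in-scope"))
            continue
        try:
            if is_affected(fw):
                status = "patch-required"
            elif is_fixed(fw):
                status = "ok"
            else:
                status = "check-advisory"
        except ValueError:
            status = "unknown-version"
        results.append((host, model, status))
    return results


# Constructed sample inventory: hostnames and firmware strings are made up for
# illustration and do not describe any real deployment.
SAMPLE_INVENTORY = [
    ("sma-hq-01", "SMA 410", "10.2.1.15-81sv"),   # last affected build
    ("sma-branch-02", "SMA 210", "10.2.1.14-75sv"),
    ("sma-vm-03", "SMA 500v", "10.2.2.1-90sv"),   # first fixed build
    ("sma-lab-04", "SMA 500v", "10.2.2.2-95sv"),
    ("sma-legacy-05", "SMA 410", "9.0.0.10-28sv"),
    ("sma-typo-06", "SMA 210", "10.2.1.x"),        # malformed entry
    ("sma1000-07", "SMA 1000", "12.4.3-02922"),     # different product line
]

if __name__ == "__main__":
    for host, model, status in triage(SAMPLE_INVENTORY):
        print(f"{host:16} {model:10} {status}")
```

Tuple comparison does the ordering, so a build such as 10.2.1.9-xx sorts below 10.2.1.15-81sv even though a plain string comparison would put it after. Versions that fall between the two quoted builds are reported as "check-advisory" rather than guessed at, because the article only states the upper affected build and the first fixed build.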
Before applying updates, organizations should scrutinize logs for signs of unauthorized access, using the indicators of compromise published by Google. Post-upgrade, SonicWall recommends several further steps:
– Disable remote management on external network interfaces.
– Reset all passwords.
– Enforce multi-factor authentication.
– Enable the web application firewall.
SonicWall confirmed that its SMA1000 series appliances and the SSL-VPN service on its firewalls are not affected by this vulnerability. Organizations running SMA 100 Series devices should act immediately, since postponing a critical update leaves their networks exposed. Subscribing to real-time security notifications helps keep track of evolving risks, and proactive hardening remains the most reliable way to prevent a breach.
(Source: Help Net Security)