SonicWall urges admins to patch VPN flaw exploited in attacks

SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks. Discovered and reported by Rapid7 cybersecurity researcher Ryan Emmons, the three security flaws (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821) can be chained by attackers to gain remote code execution as root and compromise vulnerable instances. The vulnerabilities impact SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices and are patched in firmware version 10.2.1.15-81sv and higher. "SonicWall strongly advises users of the SMA 100 series products (SMA 200, 210, 400, 410, and 500v) to upgrade to the mentioned fixed release version to address these vulnerabilities," SonicWall said in a Wednesday advisory. Successful exploitation of CVE-2025-32819 allows threat actors to delete the primary SQLite database, reset the password of the default SMA admin user, and log in as admin to the SMA web interface. Ne ... Read full article.