SSRF in SonicWall SMA1000

CVE-2025-2170

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make re…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.001 (28.0th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-2170?
CVE-2025-2170 is a vulnerability in SonicWall SMA1000, classified under Server-Side Request Forgery (SSRF). Published 2025-04-30.
Is CVE-2025-2170 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.