Path Traversal in Sonicwall Sma100

CVE-2025-32820

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.010 (77.3th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.1.14-75sv and earlier versions

Weakness classification (CWE)

CWE-22 — Path Traversal

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 (vendor-advisory)