RCE in Sonicwall Sma100

CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.006 (68.7th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.1.14-75sv and earlier versions

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 (vendor-advisory)