Information disclosure in Sonicwall Sma100

CVE-2025-40603

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.

EPSS: 0.000 (15.5th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.2.2-92sv and earlier versions

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0017 (vendor-advisory)