CVE-2025-40595 - AskarLabs CVE Database

CVE-2025-40595

Vendor Sonicwall

Product SMA1000

Weakness CWE-918 · SSRF

Published May 14, 2025

Last update May 14, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

Key dates

02Disclosure timeline

May 14, 2025 CVE published

May 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40595 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2024-9410 Ada.cx SSRF via Sentry Misconfiguration CVE-2023-6124 Server-Side Request Forgery (SSRF) in salesagility/suitecrm CVE-2024-53705 CVE-2023-7073 Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery CVE-2026-45012 Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget