CVE-2025-40599

CVE-2025-40599

Vendor Sonicwall
Product SMA 100 Series
Weakness CWE-434 · Unrestricted file upload
Published July 23, 2025
Last update July 25, 2025

CVSS base score

What the vulnerability does

01Description

An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.

Key dates

02Disclosure timeline

July 23, 2025 CVE published
July 25, 2025 Record updated