SonicWall Flaw Exposes Devices to Factory Reset Attacks
By Netvora Tech News
A critical vulnerability in SonicWall's SMA 100 gateways, which can cause a factory reset, has allegedly been exploited in attacks, according to security firm Rapid7. SonicWall released updates on Wednesday to address the issue. The SMA gateway allows employees to access their organization's networks and cloud environments from various devices, offering features such as VPN. In a security bulletin, SonicWall reported three vulnerabilities: CVE-2025-32819, CVE-2025-32820, and CVE-2025-3282. The first vulnerability, CVE-2025-32819, allows an authenticated VPN user to delete arbitrary files, leading to a factory reset. The impact of this vulnerability is rated 8.8 out of 10, with the score influenced by the fact that an attacker would need to possess a user's login credentials. However, this does not seem to be a deterrent for attackers. Based on known indicators of compromise and its own incident response research, Rapid7 believes that the CVE-2025-32819 vulnerability has likely been actively exploited. However, further details are not being disclosed. Rapid7 was the one that reported the three vulnerabilities to SonicWall. SonicWall is urging system administrators to install the available update and monitor for unauthorized login attempts.
What You Need to Know
- SonicWall SMA 100 gateways are vulnerable to a factory reset attack
- The vulnerability (CVE-2025-32819) allows an authenticated VPN user to delete arbitrary files
- The impact of the vulnerability is rated 8.8 out of 10
- SonicWall has released updates to address the issue
- Rapid7 believes the vulnerability has likely been actively exploited
Comments (0)
Leave a comment