To gain root access, you only need to be an administrator or simply log in via SSL VPN.— SonicWall has fixed three critical vulnerabilities in SMA 100 secure remote access devices that could allow attackers to execute arbitrary code as root:
⏺ CVE-2025-32819 with a CVSS score of 8.8: allows a user with SSL VPN privileges to bypass path checking and delete an arbitrary file, which could lead to a factory reset of the device;
⏺ CVE-2025-32820 with a score of 8.3: allows path traversal to make any directory on the device writable;
⏺ CVE-2025-32821 with a score of 6.7: allows an SSL VPN administrator to inject command line arguments and upload a file to the device.
