Details of VAR-202507-3132

ID

VAR-202507-3132

CVE

CVE-2025-40597

TITLE

plural SonicWALL Heap-based buffer overflow vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2025-011058

DESCRIPTION

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 A heap-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-40597 // JVNDB: JVNDB-2025-011058

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sma 210	scope:	lt	version:	10.2.2.1-90sv	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	lt	version:	10.2.2.1-90sv	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	lt	version:	10.2.2.1-90sv	Trust: 1.0
vendor:	sonicwall	model:	sma210	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma500v	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma410	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-011058 // NVD: CVE-2025-40597

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-40597
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-011058
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-40597
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-011058
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-011058 // NVD: CVE-2025-40597

PROBLEMTYPE DATA

problemtype:	CWE-122	Trust: 1.0
problemtype:	Heap-based buffer overflow (CWE-122) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-011058 // NVD: CVE-2025-40597

EXTERNAL IDS

db:	NVD	id:	CVE-2025-40597	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-011058	Trust: 0.8

sources: JVNDB: JVNDB-2025-011058 // NVD: CVE-2025-40597

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0012	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-40597	Trust: 0.8

sources: JVNDB: JVNDB-2025-011058 // NVD: CVE-2025-40597

SOURCES

db:	JVNDB	id:	JVNDB-2025-011058
db:	NVD	id:	CVE-2025-40597

LAST UPDATE DATE

2025-08-11T23:21:36.056000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-011058	date:	2025-08-08T08:14:00
db:	NVD	id:	CVE-2025-40597	date:	2025-08-07T14:36:16.930

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-011058	date:	2025-08-08T00:00:00
db:	NVD	id:	CVE-2025-40597	date:	2025-07-23T15:15:32.320