CVE-2025-40598

6.1

Medium

Published:23 Jul 2025

Last updated:17 Jun 2026

Source:PSIRT@sonicwall.com

Analyzed

Weakness (CWE)

CWE-79Cross-site Scripting (XSS)

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

View on MITRE Find PoC on GitHub

Description

A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.

References

PSIRT@sonicwall.com

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012

134c704f-9b21-4f2e-91b3-4a467353bcc0

https://labs.watchtowr.com/stack-overflows-heap-overflows-and-existential-dread-sonicwall-sma100-cve-2025-40596-cve-2025-40597-and-cve-2025-40598/