CVE-2025-40598

N/A

No CVSS

PUBLISHED

A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to...

Vendor: SonicWall
Product: SMA 100 Series
Published: Jul 23, 2025
EPSS: —

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.

Weaknesses (CWE)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS scores

No CVSS data available.

Exploitation status

No exploitation signals recorded yet.

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012

Vulnerability detail