Sonicwall: >> Sma8200v >> 12.5.0 Security Vulnerabilities
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
CVSS Score
7.2
EPSS Score
0.002
Published
2026-04-09
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
CVSS Score
7.2
EPSS Score
0.0
Published
2026-04-09
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
CVSS Score
7.2
EPSS Score
0.001
Published
2026-04-09
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.
CVSS Score
6.6
EPSS Score
0.0
Published
2026-04-09
CVE-2025-40602
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
Known exploited
CVSS Score
6.6
EPSS Score
0.004
Published
2025-12-18