PT-2025-20282 · Sma100 · Sma100

Published: 2025-05-07 · Updated: 2025-07-18 · CVE-2025-32820

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SMA100 versions 10.2.1.14-75sv and earlier

Description

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence, making any directory on the SMA appliance writable.

Recommendations

For SMA100 versions 10.2.1.14-75sv and earlier, update to a version later than 10.2.1.14-75sv to resolve the issue. As a temporary workaround, consider restricting access to SSLVPN user privileges to minimize the risk of exploitation. Restrict access to sensitive directories on the SMA appliance to prevent potential path traversal attacks.

Fix

LPE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-06685
CVE-2025-32820

Affected Products

Sma100