This vulnerability involves improper neutralization of special elements in SQL commands (CWE-89) within SonicWall SMA1000 appliances. An attacker who already has read-only administrator access can exploit this flaw to perform SQL injection, thereby escalating their privileges to primary administrator. The affected versions include 12.4.3-03245 (platform-hotfix) and earlier, and 12.5.0-02283 (platform-hotfix) and earlier. The CVSS v3.1 base score is 7.2, indicating high severity, with network attack vector, low attack complexity, high privileges required, no user interaction, and impacts on confidentiality, integrity, and availability.

Successful exploitation allows an attacker with read-only administrator privileges to escalate to primary administrator, potentially gaining full control over the affected SonicWall SMA1000 appliance. This can lead to complete compromise of the device's security functions, impacting confidentiality, integrity, and availability of the system.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, limit read-only administrator access to trusted personnel only and monitor for unusual privilege escalation attempts. Do not assume the vulnerability is mitigated without vendor confirmation.