CVE-2025-40602
Published Dec 18, 2025
Last updated 10 days ago
AI description
CVE-2025-40602 is a local privilege escalation vulnerability affecting the Appliance Management Console (AMC) of SonicWall SMA 100 series appliances. The vulnerability stems from insufficient authorization checks, which could allow an attacker with local access to gain elevated privileges. SonicWall has released patches to address this vulnerability and is urging users to apply the updates immediately. This vulnerability has been exploited in the wild in conjunction with CVE-2025-23006, a previously patched remote code execution flaw, to achieve unauthenticated remote code execution with root privileges. It was reported by Clément Lecigne and Zander Work of Google Threat Intelligence Group. CISA has added CVE-2025-40602 to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to apply fixes by December 24, 2025.
- Description: A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
- Source: PSIRT@sonicwall.com
- NVD status: Analyzed
- Products: sma6200_firmware, sma6210_firmware, sma7200_firmware, sma7210_firmware, sma8200v
CVSS 3.1
- Type: Secondary
- Base score: 6.6
- Impact score: 5.9
- Exploitability score: 0.7
- Vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity: MEDIUM
Data from CISA
- Vulnerability name: SonicWall SMA1000 Missing Authorization Vulnerability
- Exploit added on: Dec 17, 2025
- Exploit action due: Dec 24, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable
- PSIRT@sonicwall.com
- CWE-250
- Hype score: Not currently trending
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/MiDSSg5AuL https://t.co/uZlFOoGT5W
@Trej0Jass
28 Dec 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ SonicWall VPN exploits still raging end-2025: CVE-2025-40602 + CVE-2025-23006 = unauth root RCE. Ransomware groups (Fog/Akira) love edge devices for entry. My rule: Legacy firmware out – audited modern VPNs in. Patch or migrate? 👇 #CyberSec #VPN #Ransomware
@ShieldMentor_
27 Dec 2025
76 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall fixes CVE-2025-40602, actively exploited in SMA 100. Apply patches now and strengthen authentication! #Ciberseguridad #SonicWall https://t.co/OGV411A7RW
@trustlock_sec
25 Dec 2025
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 SonicWall Secure Mobile Access 1000 series [—] Dec 25, 2025 Comprehensive Security Advisory on Active Vulnerabilities (CVE-2025-40602, CVE-2025-23006), Exploitation Status, Impact Analysis, and Mitigation for SonicWall SMA 1000 Series Check out our Threat Intelligence... ht
@transilienceai
25 Dec 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SonicWall Patches Actively Exploited SMA 100 Flaw Used in Root RCE Chains SonicWall fixed CVE-2025-40602 (CVSS 6.6), a privilege-escalation issue in the SMA 100 Appliance Management Console, after reports of in-the-wild exploitation. The bug can be chained with the previousl
@ThreatSynop
24 Dec 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SonicWall SMA1000 Under Active Exploitation: New AMC Priv-Esc Chained With Critical RCE SonicWall warned that CVE-2025-40602 (a local privilege escalation bug in the SMA1000 Appliance Management Console caused by insufficient authorization) has been exploited as a zero-day i
@ThreatSynop
23 Dec 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/SzF4ThHHDE https://t.co/IlsiT2zAMW
@IT_Peurico
23 Dec 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 🛡️ Story time: Last month, a colleague (enterprise admin) pinged me in panic. Their SonicWall VPN appliance got hit by the new CVE-2025-40602 exploit chain – unauth RCE root access. "How did this happen? We patched everything!" Thread on the wake-up call ↓ #
@ShieldMentor_
23 Dec 2025
75 Impressions
1 Retweet
3 Likes
2 Bookmarks
1 Reply
0 Quotes
🚨 𝐁𝐫𝐢𝐞𝐟 𝐒𝐮𝐦𝐦𝐚𝐫𝐲: 🚨 SonicWall released patches for an actively exploited Secure Mobile Access (SMA) 100 series vulnerability (CVE-2025-40602) that allows local privilege escalation due to insufficient authorization in the Appliance Managem
@ThreatSynop
20 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall SMA1000 Exploit Chain: Attackers are using a new zero-day (CVE-2025-40602) combined with older flaws to compromise SonicWall Edge Access devices. This allows for privilege escalation and potential network entry.
@PinkPinklava
20 Dec 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall patches critical privilege escalation flaw CVE-2025-40602 in SMA 1000 appliances, exploited alongside CVE-2025-23006 to gain root command execution. #SonicWallPatch #PrivilegeEscalation #USA https://t.co/Ot3yQ8tgh1
@TweetThreatNews
20 Dec 2025
155 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SonicWall SMA1000 admins: patch NOW. CVE-2025-40602 (AMC auth/priv-esc) is under active exploitation and can be chained for full compromise. Apply latest hotfix + restrict AMC/SSH exposure to admin IPs only. Source: https://t.co/JFC5k69cF4 #InfoSec #IncidentResponse https:/
@SecureComputer0
20 Dec 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/gpgb06xd7l https://t.co/RGz5N1pHKJ
@secured_cyber
19 Dec 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/eYLEfERz04 https://t.co/4aZB83HfKu
@tgorospe
19 Dec 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall SMA1000 Under Active Attack — CVE-2025-40602 Privilege Escalation Exploited🚨 🔗𝗥𝗲𝗮𝗱 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝗮𝗿𝘁𝗶𝗰𝗹𝗲👇 https://t.co/OybyIVg8eV https://t.co/dLsn98TW1S
@jnrmanagement
19 Dec 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/aIJWrlZTaS https://t.co/RcQ7hodJGu
@pcasano
18 Dec 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall SMA 1000 Zero-Day Vulnerability Chain Grants Unauthenticated Root Control (Mandatory Patch for CVE-2025-40602). Read the full report on - https://t.co/PlJBIcWOzc https://t.co/AbCkC9vkCz
@Iambivash007
18 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/VRovby2MDi https://t.co/qxZyHse9xS
@ggrubamn
18 Dec 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/a0iIIaFlSF https://t.co/VfanLNYtjC
@Art_Capella
18 Dec 2025
73 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
SonicWall patches critical CVE-2025-40602 vulnerability in SMA 100 appliances enabling local privilege escalation and potential remote code execution via CVE-2025-23006. Updates address affected versions. #SonicWallFix #LocalEscalation #USA https://t.co/sg8cqHpLeX
@TweetThreatNews
18 Dec 2025
138 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #Exploited #Sonicwall: active exploitation detected, in attack chains, of vulnerability CVE-2025-40602 affecting #SMA1000 series devices Risk: 🔴 Type 🔸 Privilege Escalation 🔗 https://t.co/slSqZrIFUW ⚠… https://t.
@Vulcanux_
18 Dec 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall SMA1000 flaw CVE-2025-40602 is under active exploit, enabling privilege escalation to admin access via the management console, per SonicWall PSIRT disclosure on Dec 17. #Vulnerability https://t.co/if9j99IFjS
@threatcluster
18 Dec 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨:CVE-2025-40602(Zero-Day) : Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE 📊23.9K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/jGrnMs1bXv 👇Query HUNTER : https://t.co/q9rtuGfZuz="SonicWall SMA1000"
@HunterMapping
18 Dec 2025
2008 Impressions
5 Retweets
34 Likes
14 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨:CVE-2025-40602(Zero-Day) : Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE 📊1.3K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/jGrnMs1bXv 👇Query HUNTER : https://t.co/q9rtuGfZuz="SonicWall SMA1000" h
@HunterMapping
18 Dec 2025
126 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA reports Zero Day CVE-2025-40602 as being actively exploited in the wild! I've created a detection script here: https://t.co/SAowaDDc3y Patches and workaround are now available. Advisory from Sonicwall: https://t.co/OMzmm8TqrX https://t.co/hDVZ3vtO8H
@rxerium
18 Dec 2025
2616 Impressions
9 Retweets
40 Likes
13 Bookmarks
0 Replies
0 Quotes
🚨 SonicWall SMA 100 users: CVE-2025-40602 is being exploited in the wild (LPE in AMC). Reportedly chained with CVE-2025-23006 to reach unauthenticated root RCE. Patch to 12.4.3-03245 / 12.5.0-02283. 🔗https://t.co/1YLQzEtRsi #SonicWall #CyberSecurity #VulnerabilityManagement
@vulert_official
18 Dec 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Zero-Day🚨New Exploit Chain Alert for SonicWall SMA1000 CVE-2025-40602 (CVSS 6.6) – A sneaky local privilege escalation flaw in the Appliance Management Console due to missing authorization checks. The real kicker? Attackers are chaining it with the earlier CVE-2025-23006
@zoomeye_team
18 Dec 2025
1588 Impressions
8 Retweets
25 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/NAoPWHGzff A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006. Key takeaways: CVE-2025-
@f1tym1
18 Dec 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40602 vulnerability in SonicWall SMA 100: what you need to know https://t.co/qLPfomWjti https://t.co/lMdxBL7a5j
@compileedge
18 Dec 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
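The US Cybersecurity and Infrastructure Security Agency (CISA) added three entries to its Known Exploited Vulnerabilities catalog: CVE-2025-20393 in multiple Cisco products, CVE-2025-40602 in SonicWall SMA1000, and CVE-2025-59374 in ASUS Live Update. For the first two, the remediation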
@__kokumoto
18 Dec 2025
4145 Impressions
1 Retweet
4 Likes
1 Bookmark
1 Reply
1 Quote
SonicWall fixes CVE-2025-40602 in SMA 100; exploitation confirmed https://t.co/nzzk3qj0PD #Security #セキュリティー #ニュース
@SecureShield_
18 Dec 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch applied for exploited SonicWall zero-day vulnerability (CVE-2025-40602) Exploited SonicWall zero-day patched (CVE-2025-40602) #HelpNetSecurity (Dec 17) https://t.co/Q1bvS3AmHy
@foxbook
18 Dec 2025
253 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
SonicWall SMA 1000 zero-day (CVE-2025-40602) in the Appliance Management Console is being chained with CVE-2025-23006 for local privilege escalation. SonicWall urges immediate patching. #ZeroDay https://t.co/n88KFWmbK6
@threatcluster
17 Dec 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: CVE-2025-40602 is a local privilege escalation vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC). SonicWall has released patches and hotfixes to remediate the issue. #RedLeggCTI #SonicWall ... https://t.co/PmwmS93ryD
@RedLegg
17 Dec 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall patches actively exploited zero-day CVE-2025-40602 affecting Appliance Management Console, fixing deserialization of untrusted data risk. Users should update immediately. #ZeroDay https://t.co/1ryDxx0OES
@threatcluster
17 Dec 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Cisco vulnerability CVE-2025-20393, SonicWall vulnerability CVE-2025-40602, and ASUS vulnerability CVE-2025-59374 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cyberse
@CISACyber
17 Dec 2025
4901 Impressions
10 Retweets
47 Likes
5 Bookmarks
0 Replies
0 Quotes
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances https://t.co/VMTEV9bOug https://t.co/c5PND3TEZW
@RigneySec
17 Dec 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 SonicWall patched an actively exploited flaw in SMA 100 series appliances. CVE-2025-40602 lets attackers escalate privileges via the management console and was chained with a prior bug for root access. Patches are now out for affected versions. 🔗 Read → https://t.co/
@TheHackersNews
17 Dec 2025
10941 Impressions
23 Retweets
75 Likes
9 Bookmarks
1 Reply
2 Quotes
Actively exploited SonicWall zero-day patched (CVE-2025-40602) https://t.co/tIm0LDCV7s #HelpNetSecurity #Cybersecurity https://t.co/OtBBOwXy8X
@PoseidonTPA
17 Dec 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA502098-85D4-4263-A972-5C257A27E566",
"versionEndExcluding": "12.4.3-03245"
},
{
"criteria": "cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8117AD1-538B-4D74-B7BD-CDDFDF1CA5D6",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma6200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "57B3C90F-F633-41B9-855E-902F6DC8ACA5"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11F3325C-B52F-4569-A900-87A3062BA955",
"versionEndExcluding": "12.4.3-03245"
},
{
"criteria": "cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83F28647-1EB1-4BD4-806E-ECFA82C7F81F",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma6210:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7B24D300-1154-49A1-A1F3-FB0CC717166A"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "634F6A69-541B-4C08-80CC-D75BCA1AFA0C",
"versionEndExcluding": "12.4.3-03245"
},
{
"criteria": "cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "557266E9-9045-4686-B260-ADCCE884E47B",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma7200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4F7B4ED9-7A57-48DC-AAEC-A2C2EAFF3B64"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4BD7021-91E8-4E68-AC7B-6C971E6C6F77",
"versionEndExcluding": "12.4.3-03245"
},
{
"criteria": "cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FBEAD8B-7C9F-445C-BDC4-E2D19291D155",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma7210:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E9B414C5-C376-4216-A267-ABC0930905CE"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A68FFD03-F144-4F74-A7FC-700AC5CA789D",
"versionEndExcluding": "12.4.3-03245"
},
{
"criteria": "cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42CE52E0-1CD5-4CA2-85CB-D5BDB2FE63D8",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0"
}
],
"operator": "OR"
}
]
}
]