CVE-2025-40602
Published Dec 18, 2025
Last updated 3 months ago
- Description: A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
- Source: PSIRT@sonicwall.com
- NVD status: Analyzed
- Products: sma6200_firmware, sma6210_firmware, sma7200_firmware, sma7210_firmware, sma8200v
CVSS 3.1
- Type: Secondary
- Base score: 6.6
- Impact score: 5.9
- Exploitability score: 0.7
- Vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity: MEDIUM
Data from CISA
- Vulnerability name: SonicWall SMA1000 Missing Authorization Vulnerability
- Exploit added on: Dec 17, 2025
- Exploit action due: Dec 24, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable
- PSIRT@sonicwall.com
- CWE-250
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances SonicWall fixes active exploitation of CVE-2025-40602 in SMA 100 appliances. Vulnerability affects appliance management console (AMC) and local privilege escalation. Fix available now. https://t.co/GV6vRXOmh
@HackonomicNews
7 Jan 2026
SonicWall SMA 100 vulnerability CVE-2025-40602 fixed: local privilege escalation and confirmed exploitation https://t.co/ZYfcwov8hg
@iototsecnews
5 Jan 2026
[CISA KEV] CISA KEV: CVE-2025-40602 - SonicWall SMA1000 appliance Key Details: SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices. Recommended Action: Validate impact
@ox0ffff
4 Jan 2026
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/0lAa114e20 https://t.co/dMpOWE6eYr
@dansantanna
31 Dec 2025
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/MiDSSg5AuL https://t.co/uZlFOoGT5W
@Trej0Jass
28 Dec 2025
🛡️ SonicWall VPN exploits still raging end-2025: CVE-2025-40602 + CVE-2025-23006 = unauth root RCE. Ransomware groups (Fog/Akira) love edge devices for entry. My rule: Legacy firmware out – audited modern VPNs in. Patch or migrate? 👇 #CyberSec #VPN #Ransomware
@ShieldMentor_
27 Dec 2025
SonicWall fixes CVE-2025-40602, actively exploited in SMA 100. Apply patches now and strengthen authentication! #Ciberseguridad #SonicWall https://t.co/OGV411A7RW
@trustlock_sec
25 Dec 2025
🚨 SonicWall Secure Mobile Access 1000 series [—] Dec 25, 2025 Comprehensive Security Advisory on Active Vulnerabilities (CVE-2025-40602, CVE-2025-23006), Exploitation Status, Impact Analysis, and Mitigation for SonicWall SMA 1000 Series Checkout our Threat Intelligence... ht
@transilienceai
25 Dec 2025
🚨 SonicWall Patches Actively Exploited SMA 100 Flaw Used in Root RCE Chains SonicWall fixed CVE-2025-40602 (CVSS 6.6), a privilege-escalation issue in the SMA 100 Appliance Management Console, after reports of in-the-wild exploitation. The bug can be chained with the previousl
@ThreatSynop
24 Dec 2025
🚨 SonicWall SMA1000 Under Active Exploitation: New AMC Priv-Esc Chained With Critical RCE SonicWall warned that CVE-2025-40602 (a local privilege escalation bug in the SMA1000 Appliance Management Console caused by insufficient authorization) has been exploited as a zero-day i
@ThreatSynop
23 Dec 2025
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/SzF4ThHHDE https://t.co/IlsiT2zAMW
@IT_Peurico
23 Dec 2025
1/6 🛡️ Story time: Last month, a colleague (enterprise admin) pinged me in panic. Their SonicWall VPN appliance got hit by the new CVE-2025-40602 exploit chain – unauth RCE root access. "How did this happen? We patched everything!" Thread on the wake-up call ↓ #
@ShieldMentor_
23 Dec 2025
🚨 𝐁𝐫𝐢𝐞𝐟 𝐒𝐮𝐦𝐦𝐚𝐫𝐲: 🚨 SonicWall released patches for an actively exploited Secure Mobile Access (SMA) 100 series vulnerability (CVE-2025-40602) that allows local privilege escalation due to insufficient authorization in the Appliance Managem
@ThreatSynop
20 Dec 2025
SonicWall SMA1000 Exploit Chain: Attackers are using a new zero-day (CVE-2025-40602) combined with older flaws to compromise SonicWall Edge Access devices. This allows for privilege escalation and potential network entry.
@PinkPinklava
20 Dec 2025
SonicWall patches critical privilege escalation flaw CVE-2025-40602 in SMA 1000 appliances, exploited alongside CVE-2025-23006 to gain root command execution. #SonicWallPatch #PrivilegeEscalation #USA https://t.co/Ot3yQ8tgh1
@TweetThreatNews
20 Dec 2025
🚨 SonicWall SMA1000 admins: patch NOW. CVE-2025-40602 (AMC auth/priv-esc) is under active exploitation and can be chained for full compromise. Apply latest hotfix + restrict AMC/SSH exposure to admin IPs only. Source: https://t.co/JFC5k69cF4 #InfoSec #IncidentResponse https:/
@SecureComputer0
20 Dec 2025
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/gpgb06xd7l https://t.co/RGz5N1pHKJ
@secured_cyber
19 Dec 2025
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/eYLEfERz04 https://t.co/4aZB83HfKu
@tgorospe
19 Dec 2025
SonicWall SMA1000 Under Active Attack — CVE-2025-40602 Privilege Escalation Exploited🚨 🔗𝗥𝗲𝗮𝗱 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝗮𝗿𝘁𝗶𝗰𝗹𝗲👇 https://t.co/OybyIVg8eV https://t.co/dLsn98TW1S
@jnrmanagement
19 Dec 2025
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/aIJWrlZTaS https://t.co/RcQ7hodJGu
@pcasano
18 Dec 2025
SonicWall SMA 1000 Zero-Day Vulnerability Chain Grants Unauthenticated Root Control (Mandatory Patch for CVE-2025-40602). Read the full report on - https://t.co/PlJBIcWOzc https://t.co/AbCkC9vkCz
@cyberbivash
18 Dec 2025
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/VRovby2MDi https://t.co/qxZyHse9xS
@ggrubamn
18 Dec 2025
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/a0iIIaFlSF https://t.co/VfanLNYtjC
@Art_Capella
18 Dec 2025
SonicWall patches critical CVE-2025-40602 vulnerability in SMA 100 appliances enabling local privilege escalation and potential remote code execution via CVE-2025-23006. Updates address affected versions. #SonicWallFix #LocalEscalation #USA https://t.co/sg8cqHpLeX
@TweetThreatNews
18 Dec 2025
csirt_it: ‼️ #Exploited #Sonicwall: active exploitation detected, in attack chains, of the vulnerability CVE-2025-40602 affecting #SMA1000 series devices Risk: 🔴 Type 🔸 Privilege Escalation 🔗 https://t.co/slSqZrIFUW ⚠… https://t.
@Vulcanux_
18 Dec 2025
SonicWall SMA1000 flaw CVE-2025-40602 is under active exploit, enabling privilege escalation to admin access via the management console, per SonicWall PSIRT disclosure on Dec 17. #Vulnerability https://t.co/if9j99IFjS
@threatcluster
18 Dec 2025
🚨Alert🚨:CVE-2025-40602(Zero-Day) : Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE 📊23.9K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/jGrnMs1bXv 👇Query HUNTER : https://t.co/q9rtuGfZuz="SonicWall SMA1000"
@HunterMapping
18 Dec 2025
🚨Alert🚨:CVE-2025-40602(Zero-Day) : Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE 📊1.3K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/jGrnMs1bXv 👇Query HUNTER : https://t.co/q9rtuGfZuz="SonicWall SMA1000" h
@HunterMapping
18 Dec 2025
🚨 CISA reports Zero Day CVE-2025-40602 as being actively exploited in the wild! I've created a detection script here: https://t.co/SAowaDDc3y Patches and workaround are now available. Advisory from Sonicwall: https://t.co/OMzmm8TqrX https://t.co/hDVZ3vtO8H
@rxerium
18 Dec 2025
🚨 SonicWall SMA 100 users: CVE-2025-40602 is being exploited in the wild (LPE in AMC). Reportedly chained with CVE-2025-23006 to reach unauthenticated root RCE. Patch to 12.4.3-03245 / 12.5.0-02283. 🔗https://t.co/1YLQzEtRsi #SonicWall #CyberSecurity #VulnerabilityManagement
@vulert_official
18 Dec 2025
🚨Zero-Day🚨New Exploit Chain Alert for SonicWall SMA1000 CVE-2025-40602 (CVSS 6.6) – A sneaky local privilege escalation flaw in the Appliance Management Console due to missing authorization checks. The real kicker? Attackers are chaining it with the earlier CVE-2025-23006
@zoomeye_team
18 Dec 2025
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited https://t.co/NAoPWHGzff A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006. Key takeaways: CVE-2025-
@f1tym1
18 Dec 2025
CVE-2025-40602 vulnerability in SonicWall SMA 100: what you need to know https://t.co/qLPfomWjti https://t.co/lMdxBL7a5j
@compileedge
18 Dec 2025
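The US Cybersecurity and Infrastructure Security Agency (CISA) added three entries to its Known Exploited Vulnerabilities catalog: CVE-2025-20393 in multiple Cisco products, CVE-2025-40602 in SonicWall SMA1000, and CVE-2025-59374 in ASUS Live Update. For the first two, the remediation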
@__kokumoto
18 Dec 2025
SonicWall fixes CVE-2025-40602 in SMA 100, exploitation confirmed https://t.co/nzzk3qj0PD #Security #セキュリティー #ニュース
@SecureShield_
18 Dec 2025
Exploited SonicWall zero-day patched (CVE-2025-40602) #HelpNetSecurity (Dec 17) https://t.co/Q1bvS3AmHy
@foxbook
18 Dec 2025
SonicWall SMA 1000 zero-day (CVE-2025-40602) in the Appliance Management Console is being chained with CVE-2025-23006 for local privilege escalation. SonicWall urges immediate patching. #ZeroDay https://t.co/n88KFWmbK6
@threatcluster
17 Dec 2025
Security Bulletin: CVE-2025-40602 is a local privilege escalation vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC). SonicWall has released patches and hotfixes to remediate the issue. #RedLeggCTI #SonicWall ... https://t.co/PmwmS93ryD
@RedLegg
17 Dec 2025
SonicWall patches actively exploited zero-day CVE-2025-40602 affecting Appliance Management Console, fixing deserialization of untrusted data risk. Users should update immediately. #ZeroDay https://t.co/1ryDxx0OES
@threatcluster
17 Dec 2025
🛡️ We added Cisco vulnerability CVE-2025-20393, SonicWall vulnerability CVE-2025-40602, and ASUS vulnerability CVE-2025-59374 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cyberse
@CISACyber
17 Dec 2025
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances https://t.co/VMTEV9bOug https://t.co/c5PND3TEZW
@RigneySec
17 Dec 2025
🛑 SonicWall patched an actively exploited flaw in SMA 100 series appliances. CVE-2025-40602 lets attackers escalate privileges via the management console and was chained with a prior bug for root access. Patches are now out for affected versions. 🔗 Read → https://t.co/
@TheHackersNews
17 Dec 2025
Actively exploited SonicWall zero-day patched (CVE-2025-40602) https://t.co/tIm0LDCV7s #HelpNetSecurity #Cybersecurity https://t.co/OtBBOwXy8X
@PoseidonTPA
17 Dec 2025
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA502098-85D4-4263-A972-5C257A27E566",
"versionEndExcluding": "12.4.3-03245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8117AD1-538B-4D74-B7BD-CDDFDF1CA5D6",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma6200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57B3C90F-F633-41B9-855E-902F6DC8ACA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11F3325C-B52F-4569-A900-87A3062BA955",
"versionEndExcluding": "12.4.3-03245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83F28647-1EB1-4BD4-806E-ECFA82C7F81F",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma6210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B24D300-1154-49A1-A1F3-FB0CC717166A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "634F6A69-541B-4C08-80CC-D75BCA1AFA0C",
"versionEndExcluding": "12.4.3-03245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "557266E9-9045-4686-B260-ADCCE884E47B",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7B4ED9-7A57-48DC-AAEC-A2C2EAFF3B64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BD7021-91E8-4E68-AC7B-6C971E6C6F77",
"versionEndExcluding": "12.4.3-03245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FBEAD8B-7C9F-445C-BDC4-E2D19291D155",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B414C5-C376-4216-A267-ABC0930905CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A68FFD03-F144-4F74-A7FC-700AC5CA789D",
"versionEndExcluding": "12.4.3-03245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42CE52E0-1CD5-4CA2-85CB-D5BDB2FE63D8",
"versionEndExcluding": "12.5.0-02283",
"versionStartIncluding": "12.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]