
The vulnerability, a local privilege escalation flaw, allows attackers with access to the management console to gain elevated privileges and potentially take complete control of affected systems.
Tracked as CVE-2025-40602, this flaw stems from insufficient authorization checks within the SonicWall SMA1000 Appliance Management Console (AMC).
While the vulnerability itself has a medium severity rating, its real danger lies in how hackers are combining it with other exploits to launch devastating attacks.
| Field | Value |
|---|---|
| Vulnerability Name | SonicWall SMA1000 Local Privilege Escalation |
| CVE ID | CVE-2025-40602 |
| Advisory ID | SNWLID-2025-0019 |
| CVSS Score | 6.6 (Medium) |
| Attack Vector | Local / Management Console |
| Impact | Privilege Escalation, System Compromise |

The Attack Chain: From Medium to Critical Risk
Researchers from the Google Threat Intelligence Group discovered that, although CVE-2025-40602 requires management access to exploit, threat actors are actively chaining it to a separate, more critical vulnerability: CVE-2025-23006 (CVSS 9.8).
The earlier flaw (CVE-2025-23006) was mainly addressed in January 2025, but unpatched systems remain at risk.
By combining these two vulnerabilities, attackers can bypass authentication entirely and execute a two-stage attack.
First, they gain initial access, then leverage the new privilege-escalation flaw to execute malicious code with root privileges.
This effectively grants the attacker complete administrative control of the device.
The vulnerability specifically impacts SMA1000 devices running the following platform-hotfix versions:
- Version 12.4.3-03093 and earlier
- Version 12.5.0-02002 and earlier
SonicWall has clarified that this flaw does not affect SSL-VPN functionality on standalone firewalls, thereby limiting exposure to dedicated SMA1000 appliance users.
To address this critical risk, SonicWall has released official patches. Organizations are urged to upgrade immediately to:
- Platform-hotfix 12.4.3-03245 or higher
- Platform-hotfix 12.5.0-02283 or higher
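To triage a fleet against the affected and fixed builds listed above, the following added example (not code from SonicWall or from this article) classifies platform-hotfix version strings. The host names and sample inventory are constructed, and treating branches older than 12.4.3 as affected is an assumption based on the "and earlier" wording.

```python
import re

# Build numbers taken from the article, keyed by release branch.
FIXED_BUILD = {(12, 4, 3): 3245, (12, 5, 0): 2283}      # "or higher" is patched
LAST_AFFECTED = {(12, 4, 3): 3093, (12, 5, 0): 2002}    # "and earlier" is affected

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def classify(version):
    """Return 'patched', 'vulnerable', 'below-fixed' or 'unknown'."""
    match = VERSION_RE.match(version)
    if not match:
        return "unknown"  # unparseable string: check the appliance by hand
    major, minor, patch, build = (int(g) for g in match.groups())
    branch = (major, minor, patch)
    if branch in FIXED_BUILD:
        if build >= FIXED_BUILD[branch]:
            return "patched"
        if build <= LAST_AFFECTED[branch]:
            return "vulnerable"
        return "below-fixed"  # not named as affected, but still under the fixed build
    if branch < min(FIXED_BUILD):
        return "vulnerable"  # assumption: "and earlier" covers older branches
    return "unknown"  # branch the article does not mention


def triage(inventory):
    """Map each host to its status, listing hosts that need action first."""
    order = {"vulnerable": 0, "below-fixed": 1, "unknown": 2, "patched": 3}
    rows = [(host, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (order[row[1]], row[0]))


# Constructed sample inventory; host names and the last two versions are made up.
SAMPLE = {
    "sma-edge-01": "12.4.3-03093",
    "sma-edge-02": "12.5.0-02283",
    "sma-lab-01": "12.5.0-02100",
    "sma-dr-01": "v12.4",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:12} {SAMPLE[host]:14} {status}")
```

Hosts reported as `below-fixed` or `unknown` should be checked against advisory SNWLID-2025-0019 rather than assumed safe.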
Given the active exploitation, SonicWall PSIRT advises administrators to patch immediately. If an upgrade is not immediately possible, the following temporary mitigations should be applied to the Appliance Management Console (AMC):
- Restrict SSH Access: Limit SSH connections exclusively to trusted administrative IP addresses or secure internal VPNs.
- Disable Public Access: Ensure the AMC and SSH services are not accessible from the public internet.
Registered users can download the necessary security patches directly through the mysonicwall.com portal.
Failure to update could leave critical remote access infrastructure open to complete compromise.
The post Hackers Actively Exploit SonicWall SMA1000 Zero-Day to Escalate Privileges appeared first on Cyber Security News.
