Categories: Cyber Security News

Hackers Exploiting SonicWall SMA1000 0-day Vulnerability to Escalate Privileges

Security researchers have discovered a critical privilege escalation vulnerability in SonicWall’s SMA1000 appliance that attackers are actively exploiting to gain unauthorized administrative access.

The vulnerability, tracked as CVE-2025-40602, affects the appliance management console and poses a significant risk to enterprise networks relying on SonicWall’s remote access solutions.

SonicWall PSIRT disclosed the flaw on December 17, 2025, revealing that the SMA1000 appliance suffers from insufficient authorization controls in its management interface.

This allows authenticated attackers to escalate their privileges and potentially compromise the entire appliance.

CVE ID: CVE-2025-40602
Advisory ID: SNWLID-2025-0019
Vulnerability Type: Local Privilege Escalation (CWE-862, CWE-250)
CVSS v3 Score: 6.6
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Product: SonicWall SMA1000

The vulnerability received a CVSS score of 6.6, indicating a medium-to-high severity rating.

The security advisory describes a particularly alarming scenario: attackers have been chaining this vulnerability with CVE-2025-23006, a separate unauthenticated remote code execution flaw with a CVSS score of 9.8. By combining the two, attackers can achieve unauthenticated remote code execution with root-level privileges, essentially gaining complete control over affected SMA1000 devices.

Affected versions include SMA1000 12.4.3-03093 and earlier, as well as 12.5.0-02002 and earlier. SonicWall has released patched versions: 12.4.3-03245 and 12.5.0-02283.
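Checking a fleet of appliances against those four version strings by eye is error-prone because the build number after the hyphen, not just the dotted release, decides whether a unit is patched. The script below is an added example (not SonicWall tooling) that parses SMA1000-style version strings and classifies each one as affected, fixed, or not covered by the advisory, using only the version numbers quoted above; the inventory it runs over is constructed for illustration.

```python
"""Classify SMA1000 firmware versions against SNWLID-2025-0019.

Added example, not SonicWall code. Version boundaries are the ones quoted
in the article; the host inventory below is constructed sample data.
"""
from typing import Dict, List, NamedTuple, Tuple


class Version(NamedTuple):
    """Tuple ordering gives lexicographic compare: release first, then build."""
    release: Tuple[int, ...]   # e.g. (12, 4, 3)
    build: int                 # e.g. 3093 from "03093"


def parse_version(text: str) -> Version:
    """Parse 'A.B.C-NNNNN' into a Version; reject anything else."""
    rel, sep, build = text.strip().partition("-")
    if not sep or not build.isdigit():
        raise ValueError(f"unrecognised version string: {text!r}")
    release = tuple(int(p) for p in rel.split("."))
    if len(release) != 3:
        raise ValueError(f"expected three-part release in {text!r}")
    return Version(release, int(build))


# Boundaries from the advisory as quoted in the article, keyed by release train.
LAST_AFFECTED: Dict[Tuple[int, ...], Version] = {
    (12, 4, 3): parse_version("12.4.3-03093"),
    (12, 5, 0): parse_version("12.5.0-02002"),
}
FIXED: Dict[Tuple[int, ...], Version] = {
    (12, 4, 3): parse_version("12.4.3-03245"),
    (12, 5, 0): parse_version("12.5.0-02283"),
}


def assess(version_text: str) -> str:
    """Return 'affected', 'fixed', or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v.release in FIXED:
        if v >= FIXED[v.release]:
            return "fixed"
        if v <= LAST_AFFECTED[v.release]:
            return "affected"
        # Build sits between the last listed affected build and the fix;
        # the advisory text does not cover it, so flag for manual review.
        return "unknown"
    # "12.4.3-03093 and earlier" covers older release trains too.
    if v < LAST_AFFECTED[(12, 4, 3)]:
        return "affected"
    return "unknown"


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by assessment so the 'affected' list can be patched first."""
    groups: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        groups[assess(version)].append(host)
    return groups


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("sma-dc1", "12.4.3-03093"),
    ("sma-dc2", "12.4.3-03245"),
    ("sma-branch", "12.5.0-02002"),
    ("sma-lab", "12.5.0-02283"),
    ("sma-legacy", "12.4.2-01210"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:8s} {', '.join(hosts) or '-'}")
```

The comparison deliberately treats the numeric build as part of the version rather than as a string, so "03093" sorts below "03245" even if a future build string has a different number of leading zeros.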


Impact on SonicWall SMA1000 Appliances

The company urges all users to upgrade immediately to these fixed versions available on mysonicwall.com. The vulnerability was discovered and reported by researchers Clément Lecigne and Zander Work from Google Threat Intelligence Group.

SonicWall emphasized that the flaw does not affect SSL-VPN running on SonicWall firewalls, which limits the blast radius somewhat, though SMA1000 appliances remain critical targets.

Until patches are deployed, SonicWall PSIRT recommends two immediate mitigations: restrict SSH access to the appliance management console to connections arriving over VPN or from allowed administrative IP addresses, and disable SSL-VPN management interface access from the public internet. These workarounds reduce exposure while organizations plan their patching schedule.

Given the active exploitation and the ease of chaining this vulnerability with CVE-2025-23006, organizations managing SonicWall SMA1000 appliances should prioritize patching as an urgent security measure to prevent breaches and unauthorized access to their remote access infrastructure.


The post Hackers Exploiting SonicWall SMA1000 0-day Vulnerability to Escalate Privileges appeared first on Cyber Security News.

rssfeeds-admin
