The vulnerability, tracked as CVE-2025-40602, affects the appliance management console and poses a significant risk to enterprise networks relying on SonicWall’s remote access solutions.
SonicWall PSIRT disclosed the flaw on December 17, 2025, revealing that the SMA1000 appliance suffers from insufficient authorization controls in its management interface.
This allows authenticated attackers to escalate their privileges and potentially compromise the entire appliance.
| Attribute | Value |
|---|---|
| CVE ID | CVE-2025-40602 |
| Advisory ID | SNWLID-2025-0019 |
| Vulnerability Type | Local Privilege Escalation (CWE-862, CWE-250) |
| CVSS v3 Score | 6.6 |
| CVSS Vector | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Affected Product | SonicWall SMA1000 |
The vulnerability received a CVSS score of 6.6, indicating a medium-to-high severity rating.
The security advisory reveals a particularly alarming scenario: attackers have been chaining this vulnerability with CVE-2025-23006.
A separate unauthenticated remote code execution flaw with a CVSS score of 9.8. By combining both vulnerabilities.
Attackers can achieve unauthenticated remote code execution with root-level privileges, essentially gaining complete control over affected SMA1000 devices.
Affected versions include SMA1000 12.4.3-03093 and earlier, as well as 12.5.0-02002 and earlier. SonicWall has released patched versions: 12.4.3-03245 and 12.5.0-02283.
The company urges all users to upgrade immediately to these fixed versions available on mysonicwall.com. The vulnerability was discovered and reported by researchers Clément Lecigne and Zander Work from Google Threat Intelligence Group.
SonicWall emphasized that the flaw does not affect SSL-VPN running on SonicWall firewalls. Limiting the blast radius somewhat, though SMA1000 appliances remain critical targets.
Until patches are deployed, SonicWall PSIRT recommends implementing immediate mitigations: Restrict SSH access to the appliance management console only through VPN or allowed administrative IP addresses.
Disable SSL-VPN management interface access from the public internet. These workarounds help reduce exposure while organizations plan their patching schedule.
Given the active exploitation and the ease of chaining this vulnerability with CVE-2025-23006. Organizations managing SonicWall SMA1000 appliances should prioritize patching as an urgent security measure to prevent potential breaches and unauthorized access to their remote access infrastructure.
AI-Powered ISO 27001, SOC 2, NIST, NIS 2, and GDPR Compliance Checklist => Start for Free
The post Hackers Exploiting SonicWall SMA1000 0-day Vulnerability to Escalate Privileges appeared first on Cyber Security News.
The casting search for the next actor to play James Bond is officially underway. Amazon…
I can think of few activities I'd enjoy more than playing a video game on…
The list of nominees for the 2026 Will Eisner Comic Industry Awards has been revealed.…
A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have…
A widely used JavaScript inter-process communication library has been weaponized again. Socket and Stepsecurity have…
Security researchers at Calif, a Palo Alto-based cybersecurity firm, have used techniques derived from an…
This website uses cookies.