PT-2025-51891 · SonicWall · SMA 100 Series

Published: 2025-12-17 · Updated: 2026-01-09 · CVE-2025-40602

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SonicWall SMA1000 versions prior to 12.4.3-03245 and 12.5.0-02283
SonicWall SMA 100 series appliances (affected versions not specified)

Description

A local privilege escalation vulnerability exists in the SonicWall SMA1000 appliance management console (AMC) due to insufficient authorization. This vulnerability, actively exploited in the wild, allows an attacker to escalate privileges. The vulnerability has been chained with other flaws to achieve root remote code execution. This issue affects SonicWall SMA1000 appliances and SMA 100 series appliances. There have been reports of this vulnerability being exploited in attacks, potentially leading to network entry.

Recommendations

Upgrade SonicWall SMA1000 to version 12.4.3-03245 or 12.5.0-02283.
Apply the latest hotfixes for SonicWall SMA 100 series appliances.
Restrict access to the AMC to administrative IP addresses only.

Fix

LPE

RCE

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-16145
CVE-2025-40602

Affected Products

SMA 100 Series