Local Privilege Escalation Vulnerability in SonicWall SMA1000 Appliance Management Console
CVE-2025-40602

6.6MEDIUM

Key Information:

Vendor

Sonicwall
Status
Sma1000
Vendor
CVE Published:
18 December 2025

Badges

📈 Score: 138👾 Exploit Exists📰 News Worthy

What is CVE-2025-40602?

CVE-2025-40602 is a local privilege escalation vulnerability affecting the management console of the SonicWall SMA1000 appliance. The SMA1000 is designed to facilitate secure remote access for users and is commonly utilized in enterprise environments to enable connectivity while maintaining robust security protocols. This vulnerability arises from insufficient authorization checks within the appliance's management console, which could allow an unauthorized user to escalate their privileges. The potential exploitation of this flaw would enable attackers to gain elevated access rights, which could lead to modifying system configurations, accessing sensitive data, or executing malicious commands, thereby compromising the integrity and confidentiality of the entire system.

Potential impact of CVE-2025-40602

  1. Unauthorized System Access: The vulnerability permits unauthorized users to escalate privileges, enabling them to gain control over the SonicWall appliance's management console. This access could lead to unauthorized changes, compromising the device’s functionality and security measures.

  2. Data Exposure and Integrity Risks: With elevated privileges, an attacker could access sensitive data processed or stored within the SMA1000. Such exposure of confidential information could result in data breaches that might have severe legal and financial repercussions for an organization.

  3. Wider Network Compromise: Exploiting this vulnerability could create a pathway for attackers to infiltrate broader network infrastructures connected to the SMA1000 appliance. This foothold could be used to launch further attacks, propagate malware, or compromise additional systems within the organization.

Affected Version(s)

SMA1000 Linux 12.4.3-03093 (platform-hotfix) and earlier versions

SMA1000 Linux 12.5.0-02002 (platform-hotfix) and earlier versions

News Articles

favicon imageSecurity Affairs

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco, SonicWall, and ASUS vulnerabilities to its Known Exploited Vulnerabilities catalog..

14 hours ago

favicon imageArctic Wolf

CVE-2025-40602 | Arctic Wolf

SonicWall has released fixes for an actively exploited medium-severity zero-day vulerability in the SonicWall SMA1000 Appliance Management Console, tracked as CVE-2025-40602

1 day ago

favicon imageThe Hacker News

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall released fixes for an actively exploited SMA 100 vulnerability enabling privilege escalation and chained root access attacks.

1 day ago

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...
vendor-advisory

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • 📰

    First article discovered by The Hacker News

  • Vulnerability Reserved

Credit

Clément Lecigne and Zander Work of Google Threat Intelligence Group
JSON
.
CVE-2025-40602 : Local Privilege Escalation Vulnerability in SonicWall SMA1000 Appliance Management Console