Actively exploited SonicWall zero-day patched (CVE-2025-40602)

SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers.

“This vulnerability was reported to be leveraged in combination with CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges,” the company said.

About CVE-2025-40602

SonicWall Secure Mobile Access (SMA) 1000 appliances/gateways are used by large, distributed enterprises to allow employees secure access to applications.

CVE-2025-23006 was remediated in January 2025, after Microsoft Threat Intelligence Center reported “possible active exploitation” of the (at the time) zero-day vulnerability.

CVE-2025-23006 is a deserialization of untrusted data vulnerability in the devices’ Appliance Management Console (AMC) and Central Management Console (CMC), which can be exploited by unauthenticated attackers to execute arbitrary OS commands.

CVE-2025-40602, publicly revealed today, also affects the Appliance Management Console. It stems from insufficient/missing authorization and, when chained with CVE-2025-23006, allows attackers to execute OS commands with the highest of privileges (“root”).

SonicWall acknowledged that the vulnerability (and presumably its in-the-wild exploitation status) was reported by Clément Lecigne and Zander Work of Google Threat Intelligence Group, but details about the attacks have not been shared and indicators of compromise are not available.

Organizations using SMA 1000 appliances are advised to upgrade to a fixed version:

  • 12.4.3-03245 (platform-hotfix) and higher
  • 12.5.0-02283 (platform-hotfix) and higher

If possible, they should also restrict access to the AMC to specific admin IPs and disable the SSL VPN management interface (AMC) and SSH access from the public internet, to protect against exploitation of these and future vulnerabilities affecting the console.
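For teams tracking several appliances, the fixed-build list above can be turned into an inventory check. The following is an added example, not SonicWall tooling: the hostnames and the non-fixed version strings are constructed, and any release train the article does not name is deliberately reported as "review" rather than assumed safe.

```python
import re

# Fixed builds listed in the article, keyed by release train (major, minor, patch).
FIXED_BUILDS = {(12, 4, 3): 3245, (12, 5, 0): 2283}
# Matches the article's "12.4.3-03245" form; trailing notes such as
# "(platform-hotfix)" are tolerated.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\b")


def parse_version(text):
    """Split '12.4.3-03245' into ((12, 4, 3), 3245); raise ValueError otherwise."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build = (int(part) for part in match.groups())
    return (major, minor, patch), build


def classify(text):
    """Return 'fixed', 'below-fixed' or 'review' for one firmware version string."""
    try:
        train, build = parse_version(text)
    except ValueError:
        return "review"  # unparseable input must never be treated as safe
    if train in FIXED_BUILDS:
        return "fixed" if build >= FIXED_BUILDS[train] else "below-fixed"
    if train < min(FIXED_BUILDS):
        return "below-fixed"  # older than every fixed build the article lists
    return "review"  # train not named in the article: check the vendor advisory


def triage(inventory):
    """Map {hostname: version string} to {hostname: status}."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory: hostnames and non-fixed versions are made up.
    sample = {
        "sma-hq": "12.4.3-03245 (platform-hotfix)",
        "sma-branch": "12.4.3-02907",
        "sma-dr": "12.5.0-02283",
        "sma-lab": "12.4.2-05000",
        "sma-new": "12.5.1-00100",
        "sma-odd": "unknown",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```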
