Perceptive Security
SOC/SIEM Consultancy
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited
Published:
17 December 2025 at 15:27:25
Alert date:
17 December 2025 at 21:02:12
Source:
tenable.com
CVE-2025-40602 is a local privilege escalation vulnerability in SonicWall SMA 1000 appliance management console that has been exploited in the wild in a chained attack with CVE-2025-23006, a deserialization vulnerability. The combination allows unauthenticated attackers to execute arbitrary code with root privileges on affected SonicWall Secure Mobile Access devices. SonicWall has released patches for both vulnerabilities. The SMA product line has historically been targeted by ransomware groups and featured in top routinely exploited vulnerabilities lists.
Technical details
Mitigation steps:
Affected products:
SonicWall Secure Mobile Access SMA 1000
Related links:
https://www.tenable.com/blog/cve-2025-40602-sonicwall-secure-mobile-access-sma-1000-zero-day-exploited
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
https://www.tenable.com/cve/CVE-2025-40602/plugins
https://www.tenable.com/cve/CVE-2025-23006/plugins
https://www.tenable.com/blog/cve-2025-23006-sonicwall-secure-mobile-access-sma-1000-zero-day-reportedly-exploited
https://cloud.google.com/blog/topics/threat-intelligence/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat/
https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities
https://www.tenable.com/blog/faq-about-sonicwall-gen-7-firewall-ransomware-activity-akira
https://connect.tenable.com/category/news-you-need/discussions/vulnerability-watch
https://www.tenable.com/products/tenable-one
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.