Perceptive Security
SOC/SIEM Consultancy
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
Published:
17 December 2025 at 18:17:00
Alert date:
17 December 2025 at 20:02:12
Source:
thehackernews.com
Network Infrastructure, Zero-Day Vulnerabilities
SonicWall has released fixes for CVE-2025-40602, a local privilege escalation vulnerability in Secure Mobile Access (SMA) 100 series appliances that is being actively exploited in the wild. The vulnerability has a CVSS score of 6.6 and stems from insufficient authorization in the appliance management console (AMC). This represents an active threat requiring immediate patching of affected SonicWall SMA 100 devices.
Technical details
CVE-2025-40602 is a local privilege escalation vulnerability with CVSS score 6.6 that arises from insufficient authorization in the appliance management console (AMC). The vulnerability was reported to be leveraged in combination with CVE-2025-23006 (CVSS score 9.8) to achieve unauthenticated remote code execution with root privileges.
Mitigation steps:
Apply fixes immediately. Update to version 12.4.3-03245 (platform-hotfix) for 12.4.x series or version 12.5.0-02283 (platform-hotfix) for 12.5.x series. CVE-2025-23006 was patched in version 12.4.3-02854 (platform-hotfix).
Affected products:
SonicWall Secure Mobile Access (SMA) 100 series appliances - versions 12.4.3-03093 (platform-hotfix) and earlier
SonicWall Secure Mobile Access (SMA) 100 series appliances - versions 12.5.0-02002 (platform-hotfix) and earlier
Related links:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
https://thehackernews.com/2025/01/sonicwall-urges-immediate-patch-for.html
https://thehackernews.com/2025/07/unc6148-backdoors-fully-patched.html
Related CVE's:
Related threat actors:
IOC's:
OVERSTEP backdoor
This article was created with the assistance of AI technology by Perceptive.