CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Published:

17 december 2025 om 15:27:25

Alert date:

17 december 2025 om 21:02:12

Source:

tenable.com

CVE-2025-40602 is a local privilege escalation vulnerability in SonicWall SMA 1000 appliance management console that has been exploited in the wild in a chained attack with CVE-2025-23006, a deserialization vulnerability. The combination allows unauthenticated attackers to execute arbitrary code with root privileges on affected SonicWall Secure Mobile Access devices. SonicWall has released patches for both vulnerabilities. The SMA product line has historically been targeted by ransomware groups and featured in top routinely exploited vulnerabilities lists.

Technical details

Mitigation steps:

Affected products:

SonicWall Secure Mobile Access SMA 1000

Related links:

https://www.tenable.com/blog/cve-2025-40602-sonicwall-secure-mobile-access-sma-1000-zero-day-exploited
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
https://www.tenable.com/cve/CVE-2025-40602/plugins
https://www.tenable.com/cve/CVE-2025-23006/plugins
https://www.tenable.com/blog/cve-2025-23006-sonicwall-secure-mobile-access-sma-1000-zero-day-reportedly-exploited
https://cloud.google.com/blog/topics/threat-intelligence/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat/
https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities
https://www.tenable.com/blog/faq-about-sonicwall-gen-7-firewall-ransomware-activity-akira
https://connect.tenable.com/category/news-you-need/discussions/vulnerability-watch
https://www.tenable.com/products/tenable-one

Related CVE's:

CVE-2025-40602

CVE-2025-23006

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.