SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild.
The vulnerability, tracked as CVE-2025-40602 (CVSS score: 6.6), concerns a case of local privilege escalation that arises as a result of insufficient authorization in the appliance management console (AMC).
It affects the following versions –
12.4.3-03093 (platform-hotfix) and earlier versions – Fixed in 12.4.3-03245 (platform-hotfix)
12.5.0-02002 (platform-hotfix) and earlier versions – Fixed in 12.5.0-02283 (platform-hotfix).
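To turn the affected/fixed version pairs above into a quick inventory check, here is an added Python helper (not SonicWall's tooling or code from the article) that parses SMA 100 build strings such as `12.4.3-03093` and reports whether a build already carries the CVE-2025-40602 fix; the hostnames in the sample inventory are constructed.

```python
import re
from typing import List, Optional, Tuple

# Fixed builds per release branch, taken from the advisory text above.
# Keys are the (major, minor, patch) branch; values are the first fixed build.
FIXED_BUILDS = {
    (12, 4, 3): (12, 4, 3, 3245),  # fixed in 12.4.3-03245 (platform-hotfix)
    (12, 5, 0): (12, 5, 0, 2283),  # fixed in 12.5.0-02283 (platform-hotfix)
}

# Accepts "12.4.3-03093" and tolerates a trailing tag such as " (platform-hotfix)".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)\b")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse an SMA 100 build string into a tuple that compares numerically.
    The build number has leading zeros, so it must not be compared as a string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SMA version string: {version!r}")
    major, minor, patch, build = (int(x) for x in m.groups())
    return (major, minor, patch, build)


def is_patched(version: str) -> Optional[bool]:
    """True if the build includes the CVE-2025-40602 fix, False if it is affected,
    None if the branch is newer than those the advisory lists (triage by hand)."""
    parsed = parse_version(version)
    fixed = FIXED_BUILDS.get(parsed[:3])
    if fixed is not None:
        return parsed >= fixed
    # "and earlier versions": anything older than the oldest fixed build is affected.
    if parsed < min(FIXED_BUILDS.values()):
        return False
    return None


def triage(inventory: List[Tuple[str, str]]) -> dict:
    """Group (hostname, version) pairs into patched / affected / unknown buckets."""
    buckets = {"patched": [], "affected": [], "unknown": []}
    for host, version in inventory:
        state = is_patched(version)
        key = "unknown" if state is None else ("patched" if state else "affected")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders.
    sample = [("sma-a", "12.4.3-03093"), ("sma-b", "12.4.3-03245 (platform-hotfix)"),
              ("sma-c", "12.5.0-02002"), ("sma-d", "12.5.0-02283"), ("sma-e", "12.4.2-01234")]
    print(triage(sample))
```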

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
“This vulnerability was reported to be leveraged in combination with CVE-2025-23006 (CVSS score 9.8) to achieve unauthenticated remote code execution with root privileges,” SonicWall said.
Clément Lecigne and Zander Work of Google Threat Intelligence Group (GTIG) have been credited with discovering and reporting CVE-2025-40602. There are currently no details on the scale of the attacks and who is behind the efforts.
It’s worth noting that CVE-2025-23006 was patched by the company in late January 2025 in version 12.4.3-02854 (platform-hotfix).
