CVE-2025-40602

Summary

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Affected Software

VendorProductVersion RangeStatus
SonicWallSMA100012.4.3-03093 (platform-hotfix) and earlier versionsaffected
SonicWallSMA100012.5.0-02002 (platform-hotfix) and earlier versionsaffected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization
  • CWE-250: CWE-250 Execution with Unnecessary Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References