CVE-2025-40602: SonicWall SMA1000 Missing Authorization Vulnerability

CVE ID

CVE-2025-40602

Vulnerability Name

SonicWall SMA1000 Missing Authorization Vulnerability

• Project: SonicWall
• Product: SMA1000 appliance

Date

• Date Added: 2025-12-17
• Due Date: 2025-12-24

Description

SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable

Additional Notes

Check for signs of potential compromise on all internet accessible SonicWall SMA1000 instances after applying mitigations. For more information please see: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40602

Related Security News

• SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List