SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

The Hacker News, 17/12/2025, 18:17

Summary

AI-Generated

Key Points:

  • SonicWall has addressed a critical vulnerability (CVE-2025-40602) in its SMA 100 series appliances, which is being actively exploited for local privilege escalation.
  • The vulnerability allows attackers to leverage insufficient authorization in the appliance management console, potentially leading to unauthenticated remote code execution when combined with CVE-2025-23006.
  • Users of SonicWall SMA 100 series appliances should immediately apply the latest patches to mitigate risks associated with this vulnerability.

Technical Details: CVE-2025-40602 has a CVSS score of 6.6 and is linked to local privilege escalation due to insufficient authorization. It can be exploited in conjunction with CVE-2025-23006, which has a CVSS score of 9.8, allowing for remote code execution with root privileges.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned: None mentioned
