Threat actors are exploiting zero-day vulnerabilities in SonicWall’s SMA1000 edge access devices, chaining two critical flaws to attack customers. The latest zero-day vulnerability, CVE-2025-40602, is a medium-severity local privilege escalation flaw in the appliance management console (AMC) with a 6.6 CVSS score. Researchers from Google’s Threat Intelligence Group discovered the flaw.
To mitigate the risk, SonicWall advises applying hotfixes for version 12.4.3 and higher, or 12.5.0-02283 and higher. Customers can also restrict AMC access to SSH through a VPN or administrator IP address, or disable the SSL VPN management interface.
This vulnerability is not the worst threat faced by SonicWall customers this year. In October, a cloud backup service was breached, and in the summer, Akira ransomware actors exploited an older vulnerability to attack firewall devices.
Source: https://www.darkreading.com/vulnerabilities-threats/sonicwall-edge-devices-zero-day-attacks