SonicWall Fixes SMA 100 Series Vulnerability Exploited in Wild

SonicWall has addressed a security flaw in its Secure Mobile Access (SMA) 100 series appliances that was actively exploited in the wild. The vulnerability, CVE-2025-40602, allows local privilege escalation due to insufficient authorization in the appliance management console (AMC).

The fixed versions are SMA 12.4.3-03245 and SMA 12.5.0-02283, which supersede the previous, affected versions.

Google Threat Intelligence Group discovered the vulnerability and reported it to SonicWall. The flaw was previously leveraged with CVE-2025-23006 to achieve unauthenticated remote code execution.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-40602 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply fixes by December 24, 2025. Users of SMA 100 series appliances should prioritize applying the updates as soon as possible.

Source: https://thehackernews.com/2025/12/sonicwall-fixes-actively-exploited-cve.html