← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-40602 — Actively Exploited: SMA1000 appliance (SonicWall)

SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.

CVE IDCVE-2025-40602
VendorSonicWall
ProductSMA1000 appliance
Vulnerability nameSonicWall SMA1000 Missing Authorization Vulnerability
Date added2025-12-17
Remediation due2025-12-24
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable
DescriptionSonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →