
SonicWall Patches Actively Exploited Privilege Escalation Flaw in SMA 100 Appliances (CVE-2025-40602)
SonicWall has released security updates to address an actively exploited privilege escalation vulnerability (CVE-2025-40602, CVSS 6.6) in its Secure Mobile Access (SMA) 100 series appliances. The flaw stems from insufficient authorization checks in the Appliance Management Console (AMC), allowing an authenticated local attacker to elevate privileges. Although the CVSS score places the flaw at medium severity, confirmed active exploitation makes immediate patching necessary.

Because the vulnerability likely requires prior access to the management interface, attackers are expected to chain it with other exploits or with stolen credentials. No details about the ongoing attacks or the threat actors behind them have been disclosed.

Cybersecurity professionals should prioritize patching affected SMA 100 devices and monitor for unauthorized access attempts to the AMC. Given the appliance's role in remote access, a compromise could enable lateral movement within the network. The lack of attack telemetry underscores the importance of defense-in-depth measures, including network segmentation and multi-factor authentication for management interfaces.