What is CVE-2025-40602?

CVE-2025-40602 is a vulnerability in Sonicwall Sma1000, classified under Missing Authorization. Published 2025-12-18.

Is CVE-2025-40602 known to be exploited?

Yes. CVE-2025-40602 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-12-17), indicating it is being actively exploited. 2 public proof-of-concept repositories are indexed.

Auth bypass in Sonicwall Sma1000

CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Vulnerability class: Broken Access Control

EPSS: 0.004 (60.1th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma1000 — versions 12.4.3-03093 (platform-hotfix) and earlier versions, 12.5.0-02002 (platform-hotfix) and earlier versions

Weakness classification (CWE)

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2025-12-17. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2025-12-24.

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable

Public proof-of-concept exploits

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 (vendor-advisory)

Frequently asked questions

What is CVE-2025-40602?: CVE-2025-40602 is a vulnerability in Sonicwall Sma1000, classified under Missing Authorization. Published 2025-12-18.
Is CVE-2025-40602 known to be exploited?: Yes. CVE-2025-40602 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-12-17), indicating it is being actively exploited. 2 public proof-of-concept repositories are indexed.