CVE-2025-40602β€”SonicWall SMA1000 Missing Authorization Vulnerability

PUBLISHEDvulnerability record
2025-12-17 Β· last modified December 22, 2025

Metadata

CVE ID:
CVE-2025-40602
Project:
SonicWall
Product:
SMA1000 appliance
Date Added:
2025-12-17
Due Date:
2025-12-24
Last Updated:
December 22, 2025

Vulnerability Name

SonicWall SMA1000 Missing Authorization Vulnerability

Description

SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable

Additional Notes

Related News Articles

Related Weaknesses