SonicWall SMA1000 AMC LPE via Insufficient Auth
CVE-2025-40602 Published on December 18, 2025
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
Known Exploited Vulnerability
This SonicWall SMA1000 Missing Authorization Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.
The following remediation steps are recommended / required by December 24, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable
Vulnerability Analysis
CVE-2025-40602 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Types
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2025-40602 has been classified to as an AuthZ vulnerability or weakness.
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Affected Versions
SonicWall SMA1000:- Version 12.4.3-03093 (platform-hotfix) and earlier versions is affected.
- Version 12.5.0-02002 (platform-hotfix) and earlier versions is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.