CVE-2025-40602

MediumCISA KEVActive Exploitation

Published: 18 December 2025

Published

18 December 2025

Modified

19 December 2025

KEV Added

17 December 2025

Patch

—

CVSS Score 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0041 61.2th percentile

Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Description

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Directly enforces approved authorizations for access to system resources, addressing the insufficient authorization (CWE-862) that enables privilege escalation in the AMC.

AC-6 Least Privilege good match

prevent

Employs least privilege to restrict unnecessary privileges (CWE-250), preventing high-privilege administrators from escalating further via the AMC vulnerability.

SI-2 Flaw Remediation good match

prevent

Requires timely flaw remediation, including patching CVE-2025-40602 per the SonicWall advisory, to eliminate the privilege escalation vulnerability.

Security SummaryAI

CVE-2025-40602 is a local privilege escalation vulnerability caused by insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). It affects the AMC component of the SonicWall SMA1000 appliance. The vulnerability carries a CVSS v3.1 base score of 6.6 with the vector AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H and is linked to CWE-250 (Execution with Unnecessary Privileges) and CWE-862 (Missing Authorization).

Exploitation requires network access and high privileges (PR:H), such as those held by an authenticated administrator, combined with high attack complexity (AC:H) but no user interaction (UI:N). A successful attack enables high-impact consequences on confidentiality, integrity, and availability (C:H/I:H/A:H), allowing the attacker to escalate privileges within the appliance.

Mitigation guidance is available in the SonicWall PSIRT advisory at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40602, indicating real-world exploitation.

Details

CWE(s): CWE-250 CWE-862
KEV Date Added: 17 December 2025

Affected Products

sonicwall

sma6200 firmware

≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283

sonicwall

sma6210 firmware

≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283

sonicwall

sma7200 firmware

≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283

sonicwall

sma7210 firmware

≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283

sonicwall

sma8200v

≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

CVE-2025-40602 is explicitly described as a local privilege escalation vulnerability due to insufficient authorization (CWE-862) and execution with unnecessary privileges (CWE-250), directly enabling T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
Vendor Advisory · PSIRT@sonicwall.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40602
US Government Resource · 134c704f-9b21-4f2e-91b3-4a467353bcc0