4 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
CVE-2025-40602 is a local privilege escalation vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC), caused by insufficient authorization checks. While no CVSS score, public proof-of-concept (PoC), or reports of exploitation are currently available, SonicWall has released patches and hotfixes to remediate the issue.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Local Privilege Escalation in SonicWall SMA1000 Appliance Management Console (AMC)
CVSS Score: Not available at this time
Identifier: CVE-2025-40602
Exploit or Proof of Concept (PoC): There is currently no confirmed public proof-of-concept (PoC) code and no verified reports of exploitation in the wild for CVE-2025-40602.
Update:
SonicWall has released updates to address this vulnerability. Administrators should review and apply the appropriate patch or hotfix for their affected SMA1000 appliances as documented in the official SonicWall PSIRT advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
Description:
CVE-2025-40602 is a local privilege escalation vulnerability caused by insufficient authorization checks in the SonicWall SMA1000 Appliance Management Console (AMC).
Mitigation Recommendation:
Apply the SonicWall-provided patch or hotfix referenced in the PSIRT advisory SNWLID-2025-0019 as soon as possible.
Inventory all SonicWall SMA1000 appliances and confirm which versions are affected by this vulnerability.
Restrict local and administrative access to the Appliance Management Console to trusted users only and enforce the principle of least privilege.
