Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Researchers have discovered a vulnerability, identified as CVE-2025-40602, affecting SonicWall’s SMA1000 series of secure access gateways. This flaw is particularly concerning because it could allow an attacker to escalate their privileges within a system without necessarily being present on it.
The issue has been officially classified with a CVSS score of 6.6, but the real danger lies in how attackers could exploit it. In fact, the vulnerability has been described as a ” local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 Appliance Management Console (AMC).”
This vulnerability could significantly impact the security of organizations using these devices to manage remote worker connectivity. It is therefore important to take measures to mitigate the risk and protect systems from potential attacks.
However, SonicWall’s advisory reveals a darker context. This specific bug is being exploited in conjunction with a previously reported critical flaw, with catastrophic effects.
“IMPORTANT: This vulnerability has been reported to be exploited in conjunction with CVE-2025-23006 (CVSS score 9.8) to achieve unauthenticated remote code execution with root privileges,” the advisory warns .
By chaining these two exploits, attackers can bypass authentication entirely (using the first flaw) and then elevate their permissions to root (using the new flaw), effectively gaining the “keys to the castle” without ever needing a valid username or password.
The vulnerability is specific to the SMA1000 series running firmware versions 12.4.3-03093 and earlier, or 12.5.0-02002 and earlier. SonicWall urges users to apply the patch immediately. The company has released hotfixes for the platform (builds 12.4.3-03245 and 12.5.0-02283) to address the security vulnerability.
For organizations unable to take their systems offline for an immediate update, SonicWall suggests a workaround: locking down the management interface. Administrators should “disable the SSL VPN (AMC) management interface and SSH access from the public Internet” and restrict access to VPN tunnels or specific internal IP addresses.
To avoid these problems, it’s important to pay attention to a few things. First, it’s essential to immediately apply security patches released by SonicWall, such as the platform hotfixes (builds 12.4.3-03245 and 12.5.0-02283). Second, it’s important to restrict access to VPN tunnels or specific internal IP addresses and disable the SSL VPN Management Interface (AMC) and SSH access from the public Internet.
This way, you can mitigate risk and protect your systems from potential attacks.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
