A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HSonicwall Sma6200
HWSonicwallwszystkie wersjeSonicwall Sma6200 Firmware
OSSonicwall12.5.0 – 12.5.0-02283 (bez)< 12.4.3-03245Sonicwall Sma6210
HWSonicwallwszystkie wersjeSonicwall Sma6210 Firmware
OSSonicwall< 12.4.3-0324512.5.0 – 12.5.0-02283 (bez)Sonicwall Sma7200
HWSonicwallwszystkie wersjeSonicwall Sma7200 Firmware
OSSonicwall12.5.0 – 12.5.0-02283 (bez)< 12.4.3-03245Sonicwall Sma7210
HWSonicwallwszystkie wersjeSonicwall Sma7210 Firmware
OSSonicwall< 12.4.3-0324512.5.0 – 12.5.0-02283 (bez)Sonicwall Sma8200v
APPSonicwall< 12.4.3-0324512.5.0 – 12.5.0-02283 (bez)
CISA KEV — detailsi
- Vendori
- SonicWall ↗
- Producti
- SMA1000 appliance
- Added to KEVi
- December 17, 2025
- Remediation deadline (US Federal)i
- December 24, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable
SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.
Related vulnerabilities
SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 seri...
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote at...
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...