MEDIUM🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2025-40602

CVSS 6.6v3.1pub. 2025-12-18upd. 2025-12-19

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Sma6200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma6200 Firmware

    OS
    Sonicwall
    12.5.0 – 12.5.0-02283 (bez)< 12.4.3-03245
  • Sonicwall Sma6210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma6210 Firmware

    OS
    Sonicwall
    < 12.4.3-0324512.5.0 – 12.5.0-02283 (bez)
  • Sonicwall Sma7200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma7200 Firmware

    OS
    Sonicwall
    12.5.0 – 12.5.0-02283 (bez)< 12.4.3-03245
  • Sonicwall Sma7210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma7210 Firmware

    OS
    Sonicwall
    < 12.4.3-0324512.5.0 – 12.5.0-02283 (bez)
  • Sonicwall Sma8200v

    APP
    Sonicwall
    < 12.4.3-0324512.5.0 – 12.5.0-02283 (bez)

CISA KEV — detailsi

Vendori
SonicWall
Producti
SMA1000 appliance
Added to KEVi
December 17, 2025
Remediation deadline (US Federal)i
December 24, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable

CISA descriptioni

SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 24 grudnia 2025
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-23006CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE

CVE-2026-4112HIGH7.2ten sam produkt

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 seri...

CVE-2026-4113HIGH7.2ten sam produkt

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote at...

CVE-2026-4116HIGH7.2ten sam produkt

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...

CVE-2026-4114MEDIUM6.6ten sam produkt

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...