SonicWall Security Update – 18 December 2025

SonicWall has released a security update to fix a vulnerability affecting SonicWall SMA 100 series appliances.

The addressed vulnerability could allow a local attacker to bypass authorization mechanisms and gain elevated privileges.

SonicWall SMA 100 Local Privilege Escalation Vulnerability (CVE-2025-40602):

  • CVSS: 6.6
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Privileges

The affected products:

  • SMA 100 Series 12.4.3-03093 (platform-hotfix) and earlier versions.
  • SMA 100 Series 12.5.0-02002 (platform-hotfix) and earlier versions.

Note that CVE-2025-40602 was reported to be leveraged in combination with CVE-2025-23006 (CVSS score 9.8) to achieve unauthenticated remote code execution with root privileges. CVE-2025-23006 was remediated in build version 12.4.3-02854 (platform-hotfix) and higher versions (released on Jan 22, 2025).
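To decide which appliances in an inventory need the update first, the version thresholds above can be checked mechanically. The following is an added example, not SonicWall's code: it assumes firmware strings in the `release-build` form used in this advisory, and the hostnames and the `triage` and `report` helpers are hypothetical.

```python
import re

# Thresholds quoted from the advisory text; nothing else is assumed about builds.
AFFECTED_12_4 = ((12, 4, 3), 3093)   # CVE-2025-40602: this build and earlier
AFFECTED_12_5 = ((12, 5, 0), 2002)   # CVE-2025-40602: this build and earlier
FIXED_23006 = ((12, 4, 3), 2854)     # CVE-2025-23006: fixed here and higher

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)")

def parse_build(text):
    """Split '12.4.3-03093 (platform-hotfix)' into ((12, 4, 3), 3093)."""
    match = VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised SMA 100 version string: {text!r}")
    major, minor, patch, build = (int(part) for part in match.groups())
    return (major, minor, patch), build

def triage(text):
    """Classify one firmware string against the advisory's thresholds."""
    version = parse_build(text)
    release = version[0]
    if release == AFFECTED_12_5[0]:
        # Assumption: the 12.5.0 threshold applies only to 12.5.0 builds.
        needs_patch = version <= AFFECTED_12_5
    else:
        # Assumption: every release line at or below 12.4.3 is "earlier".
        needs_patch = version <= AFFECTED_12_4
    if not needs_patch:
        return "not-listed"
    # Builds older than the CVE-2025-23006 fix are open to the reported chain.
    return "chain-exposed" if version < FIXED_23006 else "patch-required"

def report(inventory):
    """Map each appliance name to its triage result."""
    return {name: triage(version) for name, version in inventory.items()}

# Constructed sample inventory: hostnames are hypothetical, build numbers are
# chosen to sit on either side of the thresholds above.
INVENTORY = {
    "sma-edge-01": "12.4.3-02804",
    "sma-edge-02": "12.4.3-03093 (platform-hotfix)",
    "sma-lab-01": "12.5.0-02002",
    "sma-lab-02": "12.5.0-02003",
}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```

Appliances reported as `chain-exposed` lack both fixes and should be prioritized; `not-listed` only means the build is outside the ranges this advisory names.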

Vulnerabilities

CVE-2025-40602

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

SonicWall Security Advisory

References