SonicWall Releases Security Advisory for SonicWall SMA1000 Series Appliances
Summary
When chained together, CVE-2025-40602 and CVE-2025-23006 could lead to unauthenticated remote code execution with root privileges
Affected platforms
The following platforms are known to be affected:
Threat details
CVE-2025-40602 Under Active Exploitation
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-40602 to its Known Exploited Vulnerabilities (KEV) Catalog.
The NHS England National CSOC has previously published a High Severity Cyber Alert (CC-4609) addressing CVE-2025-23006. NHS England National CSOC assesses future exploitation as likely.
Introduction
SonicWall has released a security advisory to address a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC):
- CVE-2025-40602 - a 'local privilege escalation' vulnerability with a CVSSv3 score of 6.6.
When chained together, CVE-2025-40602 and CVE-2025-23006 could lead to unauthenticated remote code execution with root privileges.
Note: SonicWall Firewall products are not affected by this vulnerability.
Remediation advice
Affected organisations are encouraged to review SonicWall's security advisory and apply the relevant updates as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 18 December 2025 1:35 pm