SonicWall has released security updates to address a vulnerability in its Secure Mobile Access (SMA) 100 series appliances that is being actively exploited. The flaw, identified as CVE-2025-40602, is a local privilege escalation issue caused by insufficient authorization in the appliance management console.
According to SonicWall, attackers have been using this vulnerability alongside another flaw, CVE-2025-23006, to gain unauthenticated remote code execution with root privileges. While CVE-2025-23006 was originally patched in January 2025, this new vulnerability allows attackers to further compromise affected systems.
The affected versions, and the releases that fix them, are:
- Version 12.4.3-03093 and earlier: Fixed in version 12.4.3-03245.
- Version 12.5.0-02002 and earlier: Fixed in version 12.5.0-02283.
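An added example (not SonicWall's own tooling) that triages an inventory of SMA 100 firmware versions against the fixed builds listed above. It assumes the dotted-release-plus-build string format shown on the page (e.g. `12.4.3-03093`) and that "and earlier" covers any lower patch/build within the same major.minor branch; hostnames in the sample are constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed builds per release branch (major.minor), taken from the advisory text.
FIXED = {(12, 4): "12.4.3-03245", (12, 5): "12.5.0-02283"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Split '12.4.3-03093' into (12, 4, 3, 3093); raise on malformed input."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SMA version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version predates the fix for its branch, False if at or past
    it, None if the branch is not covered by the advisory. Assumption: 'X and
    earlier' means any lower (patch, build) pair in the same major.minor branch."""
    major, minor, patch, build = parse_version(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return None
    _, _, fixed_patch, fixed_build = parse_version(fixed)
    return (patch, build) < (fixed_patch, fixed_build)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Label each host in a {hostname: version} inventory for follow-up."""
    labels = {True: "VULNERABLE", False: "patched", None: "branch-not-in-advisory"}
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = labels[is_vulnerable(version)]
        except ValueError:
            result[host] = "unparseable"  # flag for manual review rather than skip
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and the 12.3 version are made up.
    sample = {"sma-edge-1": "12.4.3-03093", "sma-edge-2": "12.5.0-02283",
              "sma-lab": "12.3.1-00100", "sma-old": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts labelled `branch-not-in-advisory` or `unparseable` still need a manual check against the vendor bulletin rather than being treated as safe.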
Researchers Clément Lecigne and Zander Work from the Google Threat Intelligence Group discovered and reported the vulnerability. While the specific scale or attribution of the current attacks remains unknown, Google previously identified a threat cluster named UNC6148 that targeted older SonicWall devices to deploy a backdoor called OVERSTEP. It is currently unclear if these activities are related.
Because the vulnerability is being actively exploited, SonicWall strongly advises users of SMA 100 series appliances to apply the fixes as soon as possible to secure their environments.