CVE detail

CVE-2025-40602

name
SonicWall SMA1000 Missing Authorization Vulnerability

SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation on the appliance management console (AMC) of affected devices.

KEV
known exploited
EPSS
0.4%
percentile
58%
vendor
SonicWall
product
SMA1000 appliance
added to KEV
17 Dec 2025
due date
24 Dec 2025
ransomware
Unknown
CWE
CWE-862, CWE-250
EPSS date
12 May 2026
recommended action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notes

Check for signs of potential compromise on all internet accessible SonicWall SMA1000 instances after applying mitigations. For more information please see: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40602