
SonicWall Patches Exploited SMA 1000 Zero-Day

The medium-severity flaw has been exploited in combination with a critical bug for remote code execution. The post SonicWall Patches Exploited SMA 1000 Zero-Day appeared first on SecurityWeek.


SonicWall on Wednesday warned that threat actors have been exploiting a vulnerability in the Secure Mobile Access (SMA) 1000 appliance management console (AMC) as a zero-day.

The newly disclosed flaw, tracked as CVE-2025-40602 (CVSS score of 6.6), is a medium-severity local privilege escalation issue.

Rooted in insufficient authorization in the SMA 1000 AMC administration tool, the bug was discovered by researchers of Google’s Threat Intelligence Group (GTIG).

In its Wednesday advisory, SonicWall warned that the security defect has been exploited as a zero-day, but did not detail the observed attacks.

“This vulnerability was reported to be leveraged in combination with CVE-2025-23006 (CVSS score 9.8) to achieve unauthenticated remote code execution with root privileges,” the company said.

Disclosed in January as a zero-day and described as an untrusted data deserialization issue, CVE-2025-23006 was patched in version 12.4.3-02854 of the SMA 100 series platform.

The fresh SonicWall zero-day was resolved in versions 12.4.3-03245 (platform-hotfix) and 12.5.0-02283 (platform-hotfix).

On Wednesday, the US cybersecurity agency CISA added CVE-2025-40602 to its Known Exploited Vulnerabilities (KEV) list, urging immediate patching.

Per Binding Operational Directive (BOD) 22-01, federal agencies have three weeks to address flaws newly added to KEV, but CISA has given them only one week to resolve the new SonicWall zero-day.

Organizations are advised to update their SMA 1000 appliances to the latest hotfix as soon as possible, or to apply mitigations provided by SonicWall.

These include restricting SSH access to the AMC via VPN or specific admin IPs, and disabling the SSL VPN management interface (AMC) and SSH access from the public internet.

According to SonicWall, the vulnerability does not impact SSL-VPN running on SonicWall firewall products.
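The fixed builds named above can be turned into a quick inventory triage. This is an added example, not code from SonicWall or from the article: the `hostname,version` inventory format and the hostnames are constructed, and it assumes build numbers only increase within a release branch. Branches for which the article names no fixed build are flagged for manual review rather than guessed.

```python
import re

# Fixed hotfix builds named in the article, keyed by release branch.
FIXED_BUILDS = {(12, 4, 3): 3245, (12, 5, 0): 2283}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def classify(version):
    """Return patched / needs-hotfix / check-advisory / unparseable."""
    match = VERSION_RE.match(version.strip())
    if not match:
        return "unparseable"
    major, minor, patch, build = (int(part) for part in match.groups())
    fixed = FIXED_BUILDS.get((major, minor, patch))
    if fixed is None:
        # The article names no fixed build for this branch, so do not guess.
        return "check-advisory"
    # Assumption: within one branch, a higher build number is a later build.
    return "patched" if build >= fixed else "needs-hotfix"


def triage(inventory):
    """Group 'hostname,version' lines by status; skip blanks and comments."""
    report = {}
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        report.setdefault(classify(version), []).append(host.strip())
    return report


# Constructed sample inventory (hostnames and version assignments are made up).
SAMPLE_INVENTORY = """
# hostname,firmware
sma-hq.example.net,12.4.3-03245
sma-dr.example.net,12.4.3-02854
sma-lab.example.net,12.5.0-02283
sma-old.example.net,12.4.2-01234
sma-new.example.net,12.5.0-02100
sma-bad.example.net,unknown
"""

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

An appliance on 12.4.3-02854, the build that fixed CVE-2025-23006 in January, still comes back as `needs-hotfix` for CVE-2025-40602.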

SonicWall disclosed the security defect on the same day that Cisco warned of a bug in its security appliances that has been exploited as a zero-day by a China-linked threat group.
