Another bad week for SonicWall as SMA 1000 zero-day under active exploit
theregister.co.uk
SonicWall has warned customers of a zero-day flaw in its SMA 1000 remote-access appliance that's being actively exploited, potentially allowing attackers to escalate privileges and take over boxes.
The bug, tracked as CVE-2025-40602, resides in the appliance management console of SonicWall's Secure Mobile Access (SMA) 1000 series and stems from missing or insufficient authorization checks that let authenticated attackers elevate their privileges.
SonicWall's advisory says the vulnerability has been chained with another SMA 1000 flaw patched earlier this year (CVE-2025-23006) to enable unauthenticated remote code execution with root rights – a particularly nasty combo when weaponized in the wild.
SonicWall's official notice, published this week, says users should update to the latest hotfix versions immediately and restrict access to the Appliance Management Console to trusted networks. The vendor's PSIRT team says the issue affects only SMA 1000 appliances and does not impact other SonicWall firewall products ...
Copyright of this story solely belongs to theregister.co.uk.

