SonicWall Patches Exploited SMA 1000 Zero-Day
securityweek
SonicWall on Wednesday warned that threat actors have been exploiting a vulnerability in the Secure Mobile Access (SMA) 1000 appliance management console (AMC) as a zero-day.
The newly disclosed flaw, tracked as CVE-2025-40602 (CVSS score of 6.6), is a medium-severity local privilege escalation issue.
Rooted in insufficient authorization in the SMA 1000 AMC administration tool, the bug was discovered by researchers at Google’s Threat Intelligence Group (GTIG).
In its Wednesday advisory, SonicWall warned that the security defect has been exploited as a zero-day, but did not detail the observed attacks.
“This vulnerability was reported to be leveraged in combination with CVE-2025-23006 (CVSS score 9.8) to achieve unauthenticated remote code execution with root privileges,” the company said.
Disclosed in January as a zero-day and described as an untrusted data deserialization issue, CVE-2025-23006 was patched in version 12.4.3-02854 of the SMA 100 series platform.
The fresh SonicWall ...
Copyright of this story solely belongs to securityweek.

