SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall has released security updates to fix a vulnerability in SMA 100 series appliances that is actively being exploited. The flaw allows local privilege escalation and, when combined with another vulnerability, can enable remote code execution with root privileges. #CVE2025-40602 #SonicWall #SMA100

Key Points

  • SonicWall issued patches to address a critical security flaw in SMA 100 series appliances.
  • The vulnerability, CVE-2025-40602, involves local privilege escalation due to insufficient authorization.
  • It can be exploited in conjunction with CVE-2025-23006 for remote code execution with root access.
  • The flaw affects certain versions and has been patched in later updates.
  • CISA has added this vulnerability to its KEV list, requiring federal agencies to apply the fixes by December 24, 2025.

Read More: https://thehackernews.com/2025/12/sonicwall-fixes-actively-exploited-cve.html