CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Basic Information

CVE State: PUBLISHED
Reserved Date: April 16, 2025
Published Date: December 18, 2025
Last Updated: December 18, 2025
Vendor: SonicWall
Product: SMA1000
Description: A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
Tags

CVSS Scores

CVSS v3.1

6.6 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2026-06-01 10:46:36 UTC) Source

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 10:46:36 UTC

Timeline

CVE ID Reserved

April 16, 2025
CVE Published to Public

December 18, 2025
Added to KEVIntel

June 01, 2026