CVE-2025-40602
Published: 18 December 2025
Summary
CVE-2025-40602 is a medium-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Sonicwall Sma6200 Firmware. Its CVSS base score is 6.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 35.5th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces approved authorizations for access to system resources, addressing the insufficient authorization (CWE-862) that enables privilege escalation in the AMC.
Employs least privilege to restrict unnecessary privileges (CWE-250), preventing high-privilege administrators from escalating further via the AMC vulnerability.
Requires timely flaw remediation, including patching CVE-2025-40602 per the SonicWall advisory, to eliminate the privilege escalation vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-40602 is explicitly described as a local privilege escalation vulnerability due to insufficient authorization (CWE-862) and execution with unnecessary privileges (CWE-250), directly enabling T1068: Exploitation for Privilege Escalation.
NVD Description
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
Deeper analysisAI
CVE-2025-40602 is a local privilege escalation vulnerability caused by insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). It affects the AMC component of the SonicWall SMA1000 appliance. The vulnerability carries a CVSS v3.1 base score of 6.6 with the vector AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H and is linked to CWE-250 (Execution with Unnecessary Privileges) and CWE-862 (Missing Authorization).
Exploitation requires network access and high privileges (PR:H), such as those held by an authenticated administrator, combined with high attack complexity (AC:H) but no user interaction (UI:N). A successful attack enables high-impact consequences on confidentiality, integrity, and availability (C:H/I:H/A:H), allowing the attacker to escalate privileges within the appliance.
Mitigation guidance is available in the SonicWall PSIRT advisory at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40602, indicating real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 17 December 2025