Cyber Resilience

CVE-2025-40602

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 18 December 2025

Published
18 December 2025
Modified
19 December 2025
KEV Added
17 December 2025
Patch
CVSS Score v3.1 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0191 77.0th percentile
Risk Priority 34 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-40602 is a medium-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Sonicwall Sma6200 Firmware. Its CVSS base score is 6.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 23.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-40602 is a local privilege escalation vulnerability caused by insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). It affects the AMC component of the SonicWall SMA1000 appliance. The vulnerability carries a CVSS v3.1 base score of 6.6 with the vector AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H and is linked to CWE-250 (Execution with Unnecessary Privileges) and CWE-862 (Missing Authorization).

Exploitation requires network access and high privileges (PR:H), such as those held by an authenticated administrator, combined with high attack complexity (AC:H) but no user interaction (UI:N). A successful attack enables high-impact consequences on confidentiality, integrity, and availability (C:H/I:H/A:H), allowing the attacker to escalate privileges within the appliance.

Mitigation guidance is available in the SonicWall PSIRT advisory at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40602, indicating real-world exploitation.

EU & UK References

Vulnerability details

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

CWE(s)
KEV Date Added
17 December 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE-2025-40602 is explicitly described as a local privilege escalation vulnerability due to insufficient authorization (CWE-862) and execution with unnecessary privileges (CWE-250), directly enabling T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-23006Same product: Sonicwall Sma6200both on KEV
CVE-2026-4116Same product: Sonicwall Sma6200
CVE-2026-4113Same product: Sonicwall Sma6200
CVE-2024-57726Shared CWE-862both on KEV
CVE-2024-53704Same vendor: Sonicwallboth on KEV
CVE-2025-57119Shared CWE-250
CVE-2021-47701Shared CWE-862
CVE-2025-2103Shared CWE-862
CVE-2026-29180Shared CWE-862
CVE-2025-23025Shared CWE-862

Affected Assets

sonicwall
sma6200 firmware
≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283
sonicwall
sma6210 firmware
≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283
sonicwall
sma7200 firmware
≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283
sonicwall
sma7210 firmware
≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283
sonicwall
sma8200v
≤ 12.4.3-03245 · 12.5.0 — 12.5.0-02283

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations for access to system resources, addressing the insufficient authorization (CWE-862) that enables privilege escalation in the AMC.

prevent

Employs least privilege to restrict unnecessary privileges (CWE-250), preventing high-privilege administrators from escalating further via the AMC vulnerability.

prevent

Requires timely flaw remediation, including patching CVE-2025-40602 per the SonicWall advisory, to eliminate the privilege escalation vulnerability.

References