SonicWall has patched a vulnerability in its SMA 100 series appliances that has already been actively exploited in the wild. The flaw, identified as CVE-2025-40602, is not a theoretical threat: it is a real-world issue that could compromise your systems if left unaddressed.
CVE-2025-40602 carries a CVSS score of 6.6 and allows local privilege escalation due to insufficient authorization in the appliance management console (AMC). If exploited, it could grant attackers unauthorized access to your network, potentially leading to data breaches or system takeovers.
The affected versions include:
- 12.4.3-03093 and earlier – Fixed in 12.4.3-03245
- 12.5.0-02002 and earlier – Fixed in 12.5.0-02283
CVE-2025-40602 is particularly dangerous when paired with CVE-2025-23006, a previously patched vulnerability with a CVSS score of 9.8. Together, they can enable unauthenticated remote code execution with root privileges. SonicWall addressed CVE-2025-23006 in January 2025 with the release of version 12.4.3-02854, but the combination of the two flaws shows why an appliance that missed the earlier update is at much greater risk from the new one.
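The version lists and the chaining risk described above can be turned into a fleet check. The following is an added example, not SonicWall's or the article's code: it classifies firmware strings against the fixed builds quoted on this page and flags appliances where both flaws are still open. The hostnames, the sample inventory and the handling of branches the article does not list are assumptions.

```python
import re

# Fixed builds per release branch, taken from the article text.
FIXED_BUILDS = {
    "CVE-2025-40602": {(12, 4, 3): 3245, (12, 5, 0): 2283},
    "CVE-2025-23006": {(12, 4, 3): 2854},
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Split '12.4.3-03093' into branch (12, 4, 3) and integer build 3093."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, patch, build = (int(part) for part in match.groups())
    return (major, minor, patch), build


def cve_status(version, cve):
    """Return 'patched', 'vulnerable' or 'unknown' for one CVE."""
    branch, build = parse_version(version)
    fixed = FIXED_BUILDS[cve]
    if branch in fixed:
        # Assumption: any build below the fixed build needs the update.
        return "patched" if build >= fixed[branch] else "vulnerable"
    if branch < min(fixed):
        # Assumption: branches older than every listed one never got the fix.
        return "vulnerable"
    return "unknown"  # the article gives no fixed build for this branch


def audit(inventory):
    """Map each host to its per-CVE status and whether both flaws are open."""
    report = {}
    for host, version in inventory.items():
        result = {cve: cve_status(version, cve) for cve in FIXED_BUILDS}
        result["chain_exposed"] = all(result[c] == "vulnerable" for c in FIXED_BUILDS)
        report[host] = result
    return report


# Constructed inventory: hostnames are made up, builds chosen to hit each case.
SAMPLE_INVENTORY = {
    "sma-a.example": "12.4.3-02800",
    "sma-b.example": "12.4.3-03093",
    "sma-c.example": "12.5.0-02002",
    "sma-d.example": "12.4.3-03245",
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(host, result)
```

An `unknown` result means the article gives no fixed build for that branch, so the vendor advisory has to be consulted for that appliance.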
Are we doing enough to protect our networks from these evolving threats? Clément Lecigne and Zander Work from Google's Threat Intelligence Group are credited with discovering CVE-2025-40602, but no details are available about the scale and origin of the attacks, which raises concerns. Is this part of a larger, coordinated campaign? Back in July, Google flagged a cluster named UNC6148 targeting fully-patched, end-of-life SonicWall SMA 100 devices to deploy a backdoor called OVERSTEP. While it's unclear if these incidents are related, the pattern suggests a growing trend of targeting legacy systems.
For SonicWall SMA 100 users, the message is clear: apply the patches immediately. Delaying could leave your network exposed to active exploitation. And if you’re using end-of-life devices, it might be time to reconsider your security strategy altogether.
What’s your take? Do you think companies like SonicWall are doing enough to protect their users, or is the onus entirely on us to stay ahead of these threats? Let us know in the comments below.