Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN883
_____________________________________________________________________

DATE                : 19/12/2025

HARDWARE PLATFORM(S): SMA1000.

OPERATING SYSTEM(S): SMA1000 software versions prior to 12.4.3-03245
                  (platform-hotfix), 12.5.0-02283 (platform-hotfix).

=====================================================================
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
_____________________________________________________________________


SonicWall SMA1000 appliance local privilege escalation vulnerability
6.6
Overview
Advisory ID 	SNWLID-2025-0019
First Published 	2025-12-17
Last Updated 	2025-12-18
Workaround 	true
Status 	Applicable
CVE 	CVE-2025-40602
CWE 	CWE-862, CWE-250
CVSS v3 	6.6
CVSS Vector 	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Direct Link 

	
Summary

A local privilege escalation vulnerability due to insufficient
authorization in the SonicWall SMA1000 appliance management
console (AMC).

Please note that SonicWall Firewall products are not affected by
this vulnerability.


Affected Product(s)

Affected Product                 Affected Version(s)

SMA1000  12.4.3-03093 (platform-hotfix) and earlier versions.
         12.5.0-02002 (platform-hotfix) and earlier versions.

Note: This vulnerability does not affect SSL-VPN running on
SonicWall firewalls.

The latest platform-hotfix is available for download on
mysonicwall.com


CPE(s)


Workaround

Restrict access to Appliance management console (AMC):

    SSH access only via VPN or specific admin IPs end,
    Disable SSL VPN management interface (AMC) and SSH
access from the public internet.


Fixed Software

Fixed Product                  Fixed Version(s)

SMA1000  12.4.3-03245 (platform-hotfix) and higher versions.
         12.5.0-02283 (platform-hotfix) and higher versions.

Comments

IMPORTANT: This vulnerability was reported to be leveraged in
combination with CVE-2025-23006 (CVSS score 9.8) to achieve
unauthenticated remote code execution with root privileges.
CVE-2025-23006 was remediated in build version 12.4.3-02854
(platform-hotfix) and higher versions (released on Jan 22, 2025).

SonicWall PSIRT strongly advises users of the SMA1000 product
to upgrade to the latest hotfix release version to address
the vulnerability.

Note:

- The only known exploitation paths for CVE-2025-40602 (CVSS 6.6)
require either that CVE-2025-23006 (CVSS 9.8) remains unpatched,
or that the threat actor already possesses access to a local
system account.

- If CVE-2025-23006 has not been patched, the system is already
exposed to a critical vulnerability. In this scenario, chaining
CVE-2025-40602 does not materially increase the overall risk
or attack surface.


Credit(s)

Clément Lecigne and Zander Work of Google Threat Intelligence
Group

Revision History

    Version

    1.0

    Date

    17-Dec-2025

    Description

    Initial Release.

    ---------------------------------------

    Version

    1.1

    Date

    18-Dec-2025

    Description

    Comments section updated: CVE-2025-40602 vulnerability risk
assessment note added.


Reference(s)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================