CVE-2025-40602

ENISA EUVD: EUVD-2025-204255 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 5, 2026 2 articles Published: 2025-12-18
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.39%
probability
This CVE has a 0.39% probability of being exploited in the next 30 days.
0% Top 59.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
6.6
MEDIUM
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Affected Products

SonicWall
SMA1000
12.4.3-03093 (platform-hotfix) and earlier versions 12.5.0-02002 (platform-hotfix) and earlier versions

Attack Intelligence

Exploits & PoC

rxerium/CVE-2025-40602

Detection for CVE-2025-40602

3 2025-12-18
cyberleelawat/CVE-2025-40602

CVE-2025-40602 is a local privilege escalation vulnerability in the appliance management console (AMC) of SonicWall Secure Mobile Access (SMA) 1000 se

1 2025-12-18
2 repos — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
92%
EPSS 0.39%
CVSS v3.1 6.6
Mentions 2
Last Seen Dec 17, 2025

CNA Information

CNA Assigner
sonicwall

Analyst Note

CVE-2025-40602 is explicitly reported as actively exploited in the wild by authoritative sources (TheHackerNews, BleepingComputer), with the latter explicitly naming it a zero-day. The CVE was published 2025-12-18 and exploitation reports coincide with or precede vendor patch availability. The timing aligns with zero-day criteria: active attacks documented contemporaneously with disclosure and remediation.

Threat Actors 2

Watchdog
apt_group 🇨🇳 CN
Shadow Network
apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026
Published DateDec 18, 2025