SonicWall SMA1000 Missing Authorization Vulnerability

SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable

Weakness Classification

CWE-862

CWE-250

References

Check for signs of potential compromise on all internet accessible SonicWall SMA1000 instances after applying mitigations. For more information please see: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019

https://nvd.nist.gov/vuln/detail/CVE-2025-40602

Cybersecurity Alerts

CVE-2025-40602

SonicWall SMA1000 Missing Authorization Vulnerability

Required Action

Weakness Classification

References