A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Dec. 17, 2025.

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Sonicwall
  • Sma1000
  • Sma6200
  • Sma6200 Firmware
  • Sma6210
  • Sma6210 Firmware
  • Sma7200
  • Sma7200 Firmware
  • Sma7210
  • Sma7210 Firmware
  • Sma8200v

Configuration 1 [-]

AND
OR cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma6200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma6210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma7200:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma7210:-:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*
cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40602 cve-icon cve-icon
History

Fri, 19 Dec 2025 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Sonicwall sma6200
Sonicwall sma6200 Firmware
Sonicwall sma6210
Sonicwall sma6210 Firmware
Sonicwall sma7200
Sonicwall sma7200 Firmware
Sonicwall sma7210
Sonicwall sma7210 Firmware
Sonicwall sma8200v
CPEs cpe:2.3:a:sonicwall:sma8200v:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma6200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma6210:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma7200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma7210:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*
Vendors & Products Sonicwall sma6200
Sonicwall sma6200 Firmware
Sonicwall sma6210
Sonicwall sma6210 Firmware
Sonicwall sma7200
Sonicwall sma7200 Firmware
Sonicwall sma7210
Sonicwall sma7210 Firmware
Sonicwall sma8200v

Fri, 19 Dec 2025 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Sonicwall
Sonicwall sma1000
Vendors & Products Sonicwall
Sonicwall sma1000

Thu, 18 Dec 2025 12:15:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 18 Dec 2025 11:15:00 +0000

Type Values Removed Values Added
Description A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
Weaknesses CWE-250
CWE-862
References
Metrics kev

{'dateAdded': '2025-12-17T00:00:00+00:00', 'dueDate': '2025-12-24T00:00:00+00:00'}
cve-icon MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2025-12-18T10:58:41.668Z

Updated: 2025-12-18T11:32:37.662Z

Reserved: 2025-04-16T08:34:51.361Z

Link: CVE-2025-40602

cve-icon Vulnrichment

Updated: 2025-12-18T11:32:23.365Z

cve-icon NVD

Status : Analyzed

Published: 2025-12-18T11:15:46.760

Modified: 2025-12-19T13:57:43.150

Link: CVE-2025-40602

cve-icon Redhat

No data.