Dec 17, 2025Ravie LakshmananVulnerability / Community Safety
SonicWall has rolled out fixes to handle a safety flaw in Safe Cellular Entry (SMA) 100 collection home equipment that it stated has been actively exploited within the wild.
The vulnerability, tracked as CVE-2025-40602 (CVSS rating: 6.6), issues a case of native privilege escalation that arises because of inadequate authorization within the equipment administration console (AMC).
It impacts the next variations –
12.4.3-03093 (platform-hotfix) and earlier variations – Mounted in 12.4.3-03245 (platform-hotfix)
12.5.0-02002 (platform-hotfix) and earlier variations – Mounted in 12.5.0-02283 (platform-hotfix)
“This vulnerability was reported to be leveraged together with CVE-2025-23006 (CVSS rating 9.8) to realize unauthenticated distant code execution with root privileges,” SonicWall stated.
It is value noting that CVE-2025-23006 was patched by the corporate in late January 2025 in model 12.4.3-02854 (platform-hotfix).
Clément Lecigne and Zander Work of Google Risk Intelligence Group (GTIG) have been credited with discovering and reporting CVE-2025-40602. There are at present no particulars on the dimensions of the assaults and who’s behind the efforts.
Again in July, Google stated it is monitoring a cluster named UNC6148 that is concentrating on fully-patched end-of-life SonicWall SMA 100 collection gadgets as a part of a marketing campaign designed to drop a backdoor referred to as OVERSTEP. It is at present not clear if these actions are associated.
In gentle of energetic exploitation, it is important that SonicWall SMA 100 collection customers apply the fixes as quickly as attainable.
