CVE-2025-40602
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-19
Assigner: SonicWALL, Inc.
Description
Description
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sonicwall | sma6200_firmware | to 12.4.3-03245 (exc) |
| sonicwall | sma6200_firmware | From 12.5.0 (inc) to 12.5.0-02283 (exc) |
| sonicwall | sma6200 | * |
| sonicwall | sma6210_firmware | to 12.4.3-03245 (exc) |
| sonicwall | sma6210_firmware | From 12.5.0 (inc) to 12.5.0-02283 (exc) |
| sonicwall | sma6210 | * |
| sonicwall | sma7200_firmware | to 12.4.3-03245 (exc) |
| sonicwall | sma7200_firmware | From 12.5.0 (inc) to 12.5.0-02283 (exc) |
| sonicwall | sma7200 | * |
| sonicwall | sma7210_firmware | to 12.4.3-03245 (exc) |
| sonicwall | sma7210_firmware | From 12.5.0 (inc) to 12.5.0-02283 (exc) |
| sonicwall | sma7210 | * |
| sonicwall | sma8200v | to 12.4.3-03245 (exc) |
| sonicwall | sma8200v | From 12.5.0 (inc) to 12.5.0-02283 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
