CVE-2025-40602

MEDIUM KEV RANSOMWARE

SonicWall SMA6200/SMA6210/SMA7200/SMA7210/SMA8200v < 12.4.3-03245 Local Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2025-40602 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 17, 2025, with confirmed use in ransomware campaigns. EIP tracks 2 public exploits from researchers including rxerium, cyberleelawat.

AI-analyzed exploit summary This repository provides a Nuclei template for detecting CVE-2025-40602, a local privilege escalation vulnerability in SonicWall SMA 1000 series appliances. The template uses version matching to identify vulnerable systems with high confidence.

Description

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Exploits (2)

nomisec WRITEUP 3 stars

by rxerium · poc

https://github.com/rxerium/CVE-2025-40602

View Code ZIP pw:eip

This repository provides a Nuclei template for detecting CVE-2025-40602, a local privilege escalation vulnerability in SonicWall SMA 1000 series appliances. The template uses version matching to identify vulnerable systems with high confidence.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SonicWall Secure Mobile Access (SMA) 1000 series appliances (versions 12.4.3-03093 or lower, 12.5.0-02002 or lower)

No auth needed

Prerequisites: Network access to the target appliance · Exposed AMC interface

MITRE ATT&CK

T1595.003 - Wordlist Scanning

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP 1 stars

by cyberleelawat · poc

https://github.com/cyberleelawat/CVE-2025-40602

View Code ZIP pw:eip

This repository provides a detailed writeup for CVE-2025-40602, a local privilege escalation vulnerability in SonicWall Secure Mobile Access (SMA) 1000 series appliances. It includes vulnerability details, affected versions, mitigation steps, and search engine dorks for identification.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: SonicWall Secure Mobile Access (SMA) 1000 Series

Auth required

Prerequisites: Authenticated access to the SonicWall SMA 1000 management interface

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40602

Scores

CVSS v3 6.6

EPSS 0.0039

EPSS Percentile 60.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2025-12-17

VulnCheck KEV 2025-12-17

ENISA EUVD EUVD-2025-204255

Ransomware Use Confirmed

CWE

CWE-862 CWE-250

Status published

Products (5)

sonicwall/sma6200_firmware < 12.4.3-03245

sonicwall/sma6210_firmware < 12.4.3-03245

sonicwall/sma7200_firmware < 12.4.3-03245

sonicwall/sma7210_firmware < 12.4.3-03245

sonicwall/sma8200v < 12.4.3-03245

Published Dec 18, 2025

KEV Added Dec 17, 2025

Tracked Since Feb 18, 2026