CVE-2025-40602 · MEDIUM 6.6 · CISA KEV · EPSS p77.1%

CVE-2025-40602: SonicWall SMA1000 Missing Authorization Vulnerability

SonicWall / SMA1000 appliance

Description

SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation in the appliance management console (AMC) of affected devices.

Scoring

CVSS 3.1: 6.6 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.91% probability of exploitation · percentile 77.1% · 2026-06-19T12:03:05Z
Published: 2025-12-18
Last modified: 2025-12-19

CISA KEV entry

Added to KEV: 2025-12-17

Underlying weaknesses · 2

CWE-250, CWE-862

References

  1. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40602

2

Type | Target | Confidence | Tier
Weakness | Execution with Unnecessary Privileges (cwe-250) | 0% | live
Weakness | Missing Authorization (cwe-862) | 0% | live

(incoming) 1

Type | Target | Confidence | Tier
KEVEntry | SonicWall SMA1000 Missing Authorization Vulnerability (kev-cve-2025-40602) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: SonicWall SMA1000 Appliances Deserialization Vulnerability
CVE: SonicWall SMA100 Appliances OS Command Injection Vulnerability
CVE: SonicWall SonicOS Improper Access Control Vulnerability
CVE: SonicWall SMA100 SQL Injection Vulnerability
CVE: SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
CVE: CVE-2026-0204
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.