**SonicWall Warns of Actively Exploited Flaw in SMA 1000 AMC**

Security researchers are sounding the alarm after SonicWall issued a warning about an actively exploited flaw in its SMA 1000 Appliance Management Console (AMC). The vulnerability, tracked as CVE-2025-40602, is being exploited by attackers to gain elevated privileges on affected systems.

The flaw is described as a "local privilege escalation" issue that stems from insufficient authorization in the SonicWall SMA 1000 appliance management console. According to SonicWall's advisory, the vulnerability was chained with another previously patched issue (CVE-2025-23006) to achieve unauthenticated remote code execution with root privileges.

Notably, this is not a vulnerability that affects SonicWall Firewall products, as explicitly stated by the company in its advisory. However, users of the SMA 1000 product are urged to upgrade to the latest hotfix release version to address the issue.

The vulnerability was reported by Clément Lecigne and Zander Work of the Google Threat Intelligence Group, who also discovered the chaining with CVE-2025-23006. This exploit was added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog in late January.

While SonicWall has not disclosed details about the attacks that exploited the flaw as a zero-day, nor the attackers' motivations, users are strongly advised to take immediate action to mitigate this vulnerability. It's essential for security professionals and organizations with SMA 1000 deployments to prioritize patching and upgrading their systems to the latest version.

The full advisory from SonicWall can be found below:

**SonicWall Advisory:**

"A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA 1000 appliance management console (AMC).

Please note that SonicWall Firewall products are not affected by this vulnerability.

This vulnerability was reported to be leveraged in combination with CVE-2025-23006 (CVSS score 9.8) to achieve unauthenticated remote code execution with root privileges. CVE-2025-23006 was remediated in build version 12.4.3-02854 (platform-hotfix) and higher versions (released on Jan 22, 2025).

SonicWall PSIRT strongly advises users of the SMA 1000 product to upgrade to the latest hotfix release version to address the vulnerability."
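As an added example (not from the article or from SonicWall), a small inventory check that parses SMA 1000 build strings in the format the advisory uses and flags appliances still below 12.4.3-02854, the build SonicWall names as remediating CVE-2025-23006; the hostnames and version values are constructed, and since the page gives no fixed build for CVE-2025-40602 itself, the check covers only the chained CVE's floor.

```python
import re

# Build at which SonicWall states CVE-2025-23006 was remediated (from the advisory).
# CVE-2025-40602's own fix is only described as "the latest hotfix release", so
# passing this floor does not by itself mean CVE-2025-40602 is addressed.
REMEDIATED_BUILD = "12.4.3-02854"

# Matches "12.4.3-02854" with an optional trailing tag such as "(platform-hotfix)".
_BUILD_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)(?:\s*\(([^)]*)\))?$")


def parse_build(version: str) -> tuple:
    """Turn an SMA 1000 build string into a comparable (major, minor, patch, build) tuple."""
    m = _BUILD_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SMA build string: {version!r}")
    return tuple(int(x) for x in m.groups()[:4])


def is_below_remediated(version: str, floor: str = REMEDIATED_BUILD) -> bool:
    """True if the appliance build predates the CVE-2025-23006 remediation build."""
    return parse_build(version) < parse_build(floor)


def triage(inventory: dict) -> dict:
    """Map hostname -> 'needs-upgrade' | 'at-or-above-remediated' | 'unknown'.

    'unknown' covers unparsable or missing version strings, which should be
    treated as unverified rather than silently passed.
    """
    result = {}
    for host, version in inventory.items():
        try:
            below = is_below_remediated(version)
        except ValueError:
            result[host] = "unknown"
            continue
        result[host] = "needs-upgrade" if below else "at-or-above-remediated"
    return result


# Constructed sample inventory (hostnames and builds are illustrative only).
SAMPLE_INVENTORY = {
    "sma-dc1.example.test": "12.4.3-02804",
    "sma-dc2.example.test": "12.4.3-02854 (platform-hotfix)",
    "sma-branch.example.test": "12.4.2-01234",
    "sma-lab.example.test": "not-reported",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```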

Stay informed about the latest security news and threats by following me on Twitter: @securityaffairs and Facebook and Mastodon.