Find notable cyber news and cases, enriched with sources, timelines, and signals.

SonicWall security patch release for CVE-2025-40602

Security Patch Release
First reported
Last updated
Happening score
H score 47
1 unique sources, 1 articles

Summary

Hide ▲

SonicWall released fixes for SMA 100 series appliances after CVE-2025-40602 was reported actively exploited in the wild, closing a path to local privilege escalation in the appliance management console. The update covers 12.4.3-03093 and earlier and 12.5.0-02002 and earlier, with fixes in 12.4.3-03245 and 12.5.0-02283. SonicWall also said the flaw had reportedly been chained with CVE-2025-23006 to reach unauthenticated remote code execution with root privileges, making prompt deployment important.

Related Happenings

Cisco Unified Communications Manager security update for CVE-2026-20230

Security Patch Release
H score56 First: 04.06.2026 14:09 Last: 04.06.2026 14:09 Sources 1

About this happening: Cisco released **security updates** for **Cisco Unified Communications Manager (Unified CM)** to fix **CVE-2026-20230**, a **critical** flaw that could let a remote attacker reach...

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
H score42 First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Latest development: 16.06.2026 13:47

CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.

Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)

Security Patch Release
H score58 First: 04.03.2026 21:12 Last: 04.03.2026 21:12 Sources 1

About this happening: **Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...

Latest development: 20.03.2026 17:09

CISA ordered Federal Civilian Executive Branch (FCEB) agencies to apply security updates for CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22 after Cisco updated its bulletin on March 18 to warn of active exploitation in the wild. Amazon threat intelligence researchers said Interlock ransomware had been exploiting CVE-2026-20131 as a zero-day since the end of January, and Cisco said the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root on an affected device.

SolarWinds security patch release for CVE-2025-40538

Security Patch Release
H score64 First: 25.02.2026 09:04 Last: 25.02.2026 09:04 Sources 1

About this happening: **SolarWinds** released **Serv-U** updates that fix **four critical flaws** in **version 15.5**, reducing the risk of **remote code execution**. The patched issues are tracked as...

SonicWall MySonicWall cloud backup breach exposing firewall backup files

Data Leak
H score40 First: 29.01.2026 19:57 Last: 29.01.2026 19:57 Sources 1

About this happening: **SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...

Timeline

  1. 17.12.2025 20:17 2 articles · 6mo ago

    SonicWall patches actively exploited CVE-2025-40602 in SMA 100 appliances

    Mitigation Patch Update

    SonicWall rolled out fixes for Secure Mobile Access (SMA) 100 series appliances after CVE-2025-40602 was reported as actively exploited in the wild. The flaw is a CVSS 6.6 local privilege escalation in the appliance management console (AMC), and SonicWall said it was reportedly chained with CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges. Fixed platform-hotfix builds are 12.4.3-03245 for 12.4.3-03093 and earlier, and 12.5.0-02283 for 12.5.0-02002 and earlier; Clément Lecigne and Zander Work of Google Threat Intelligence Group (GTIG) were credited with discovering and reporting CVE-2025-40602.

    Show sources