SonicWall security patch release for CVE-2025-40602
Security Patch Release
Summary
Hide ▲
Show ▼
SonicWall released fixes for SMA 100 series appliances after CVE-2025-40602 was reported actively exploited in the wild, closing a path to local privilege escalation in the appliance management console. The update covers 12.4.3-03093 and earlier and 12.5.0-02002 and earlier, with fixes in 12.4.3-03245 and 12.5.0-02283. SonicWall also said the flaw had reportedly been chained with CVE-2025-23006 to reach unauthenticated remote code execution with root privileges, making prompt deployment important.
Related Happenings
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch Release
First: 27.05.2026 13:06
Last: 27.05.2026 13:06
Sources 1
About this happening:
LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch ReleaseAbout this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...
Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)
Security Patch Release
First: 04.03.2026 21:12
Last: 04.03.2026 21:12
Sources 1
About this happening:
**Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...
Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)
Security Patch ReleaseAbout this happening: **Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...
Latest development: 20.03.2026 17:09
CISA ordered Federal Civilian Executive Branch (FCEB) agencies to apply security updates for CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22 after Cisco updated its bulletin on March 18 to warn of active exploitation in the wild. Amazon threat intelligence researchers said Interlock ransomware had been exploiting CVE-2026-20131 as a zero-day since the end of January, and Cisco said the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root on an affected device.
SolarWinds security patch release for CVE-2025-40538
Security Patch Release
First: 25.02.2026 09:04
Last: 25.02.2026 09:04
Sources 1
About this happening:
**SolarWinds** released **Serv-U** updates that fix **four critical flaws** in **version 15.5**, reducing the risk of **remote code execution**. The patched issues are tracked as...
SolarWinds security patch release for CVE-2025-40538
Security Patch ReleaseAbout this happening: **SolarWinds** released **Serv-U** updates that fix **four critical flaws** in **version 15.5**, reducing the risk of **remote code execution**. The patched issues are tracked as...
SonicWall MySonicWall cloud backup breach exposing firewall backup files
Data Leak
First: 29.01.2026 19:57
Last: 29.01.2026 19:57
Sources 1
About this happening:
**SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...
SonicWall MySonicWall cloud backup breach exposing firewall backup files
Data LeakAbout this happening: **SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...
Cisco Unified Communications and Webex Calling patch release for CVE-2026-20045
Security Patch Release
First: 22.01.2026 00:16
Last: 22.01.2026 00:16
Sources 1
About this happening:
**Cisco** released **version-specific updates and patch files** for **CVE-2026-20045**, a critical **remote code execution** flaw affecting **Unified CM**, **SME**, **IM & Presenc...
Cisco Unified Communications and Webex Calling patch release for CVE-2026-20045
Security Patch ReleaseAbout this happening: **Cisco** released **version-specific updates and patch files** for **CVE-2026-20045**, a critical **remote code execution** flaw affecting **Unified CM**, **SME**, **IM & Presenc...
Timeline
-
17.12.2025 20:17 2 articles · 5mo ago
SonicWall patches actively exploited CVE-2025-40602 in SMA 100 appliances
Mitigation Patch UpdateSonicWall rolled out fixes for Secure Mobile Access (SMA) 100 series appliances after CVE-2025-40602 was reported as actively exploited in the wild. The flaw is a CVSS 6.6 local privilege escalation in the appliance management console (AMC), and SonicWall said it was reportedly chained with CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges. Fixed platform-hotfix builds are 12.4.3-03245 for 12.4.3-03093 and earlier, and 12.5.0-02283 for 12.5.0-02002 and earlier; Clément Lecigne and Zander Work of Google Threat Intelligence Group (GTIG) were credited with discovering and reporting CVE-2025-40602.
Show sources
- SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances — thehackernews.com — 17.12.2025 20:17
- SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances — thehackernews.com — 17.12.2025 20:17