
SonicWall SMA1000 Appliance Management Console (AMC) privilege-escalation flaw (multiple vulnerabilities)

Vulnerability
Happening score: 63
1 unique source, 1 article

Summary


CVE-2025-40602 in SonicWall SMA1000 Appliance Management Console (AMC) is being actively chained in zero-day attacks, creating privilege-escalation and root-level RCE risk for exposed appliances. SonicWall said the flaw is a medium-severity local privilege escalation issue and told customers to move to the latest hotfix release version. The vulnerability matters because it can be combined with CVE-2025-23006 to reach unauthenticated remote code execution with root privileges.

Related Happenings

SonicWall MySonicWall cloud backup breach exposing firewall backup files

Data Leak
First: 29.01.2026 19:57 Last: 29.01.2026 19:57 Sources 1

About this happening: **SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...

Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)

Exploitation Wave
First: 25.12.2025 10:07 Last: 25.12.2025 10:07 Sources 1

About this happening: **CVE-2023-52163** is being exploited at scale against **Digiever DS-2105 Pro NVRs**, with multiple reports linking abuse to **Mirai** and **ShadowV2** botnet delivery. The flaw i...

SonicWall MySonicWall credential reset advisory

Advisory/Mitigation
First: 05.11.2025 19:13 Last: 05.11.2025 19:13 Sources 1

About this happening: **SonicWall** issued an urgent mitigation for exposed **MySonicWall** backup-file secrets, telling customers to reset credentials and shared secrets to reduce the risk of follow-o...

SonicWall cloud backup customers data exposed after SonicWall breach

Data Leak
First: 09.10.2025 14:10 Last: 09.10.2025 14:10 Sources 1

About this happening: **SonicWall** confirmed that a **state-sponsored threat actor** carried out the **September 2025 cloud backup breach**, using an **API call** to access **firewall configuration ba...

Latest development: 06.11.2025 07:40

SonicWall said a state-sponsored threat actor was responsible for the September unauthorized access to cloud backup files from a specific cloud environment using an API call, and said the incident was unrelated to Akira ransomware activity.

SonicWall cloud-backup remediation guidance

Advisory/Mitigation
First: 09.10.2025 14:10 Last: 09.10.2025 14:10 Sources 1

About this happening: **SonicWall** issued updated **remediation tools and guidance** for customers affected by the cloud-backup exposure, directing admins to assess listed firewalls and reduce **WAN**...

Timeline

  1. 17.12.2025 19:44 · 1 article

    CVE-2025-23006 hotfix release

    Mitigation Patch Update

    SonicWall remediated CVE-2025-23006 in build version 12.4.3-02854 (platform-hotfix) and higher versions released on Jan 22, 2025, fixing the SMA1000 pre-authentication deserialization flaw later used in the SMA1000 attack chain.

  2. 17.12.2025 19:44 · 2 articles

    SonicWall warns on SMA1000 zero-day chaining

    Initial Disclosure

    On Dec. 17, 2025, SonicWall warned customers to upgrade to the latest hotfix release version after CVE-2025-40602 in the SonicWall SMA1000 Appliance Management Console (AMC) was chained in zero-day attacks with CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges. The company said the flaw was reported by Clément Lecigne and Zander Work of the Google Threat Intelligence Group and does not affect SSL-VPN running on SonicWall firewalls. Shadowserver tracks over 950 SMA1000 appliances exposed online.
