The Daily Patch
Back to News
vulnerability🌐InternationalBleepingComputer

Sonicwall warns of new SMA1000 zero-day exploited in attacks

Wednesday, December 17, 2025

Sonicwall warns of new SMA1000 zero-day exploited in attacks

What

A local privilege escalation vulnerability in the SonicWall SMA1000 Appliance Management Console is being exploited in conjunction with a critical pre-authentication deserialization flaw to execute arbitrary OS commands.

Where

SonicWall SMA1000 appliances used by large organizations globally for secure remote access.

When

The vulnerabilities were reported on December 17, 2025, with the critical flaw remediated in January 2025.

Key Factors

  • CVE-2025-40602 allows local privilege escalation.
  • CVE-2025-23006 enables unauthenticated remote code execution with a CVSS score of 9.8.
  • Over 950 SMA1000 appliances are currently exposed online, increasing the risk of exploitation.

Takeaways

  • Organizations must prioritize patching vulnerabilities in critical infrastructure devices.
  • The exploitation of chained vulnerabilities highlights the need for robust security measures in remote access solutions.
  • Immediate application of the latest hotfix is essential to mitigate risks associated with these vulnerabilities.
Read Full Article

Opens original article on BleepingComputer

Similar News

Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass

Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass

Kimwolf Botnet Exploits Residential Proxies to Infiltrate Home Networks

Kimwolf Botnet Exploits Residential Proxies to Infiltrate Home Networks

RondoDox Botnet Exploits Critical React2Shell Flaw in Next.js Servers

RondoDox Botnet Exploits Critical React2Shell Flaw in Next.js Servers

IBM API Connect Critical Authentication Bypass Disclosed

IBM API Connect Critical Authentication Bypass Disclosed