CVE-2025-40602
In short
The SonicWall SMA1000 management console fails to properly check user permissions, allowing someone with local access to gain higher privileges than they should have.
Technical detail
This authorization bypass vulnerability (CWE-862) in the appliance management console (AMC) lets local users escalate privileges because permission validation is insufficient. An authenticated attacker with low-privilege local access can exploit this to perform administrative functions without proper authorization checks.
Summary generated and translated by AI from the official description.
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
SonicWall · SMA1000
Public PoCs found: 2
github.com/rxerium/CVE-2025-40602 (★ 3)
github.com/cyberleelawat/CVE-2025-40602 (★ 1)
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.