SonicWall Edge Access Devices Hit by Zero-Day Attacks - Dark Reading

VULNERABILITIES & THREATS CYBERATTACKS & DATA BREACHES CYBER RISK APPLICATION SECURITY NEWS SonicWall Edge Access Devices Hit by Zero-Day Attacks In the latest attacks against the vendor's SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year. Rob Wright,Senior News Director,Dark Reading December 18, 2025 2 Min Read SOURCE: REMUS RIGO VIA ALAMY STOCK PHOTO SonicWall Wednesday disclosed a zero-day vulnerability impacting its SMA1000 access platform that is under active exploitation via chained attacks.  CVE-2025-40602 is a medium-severity local privilege escalation vulnerability in SonicWall's SMA1000 appliance management console (AMC). The flaw, which received a 6.6 CVSS score, stems from insufficient authorization in the AMC, according to SonicWall's advisory. The vendor said the zero-day vulnerability has reportedly been exploited in the wild in chain attacks with an older critical flaw, CVE-2025-23006. The critical vulnerability, which also affects SMA100 devices, came under zero-day attacks in January. "The only known exploitation paths for CVE-2025-40602 (CVSS 6.6) require either that CVE-2025-23006 (CVSS 9.8) remains unpatched, or that the threat actor already possesses access to a local system account," SonicWall said in its advisory. Mitigating CVE-2025-23006 Related:Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos The scope and source of the attacks on CVE-2025-40602 is unclear. SonicWall's advisory does not include information on the exploitation activity. Dark Reading contacted SonicWall for comment on the activity and, while the vendor responded with a statement, it did not comment directly on the attacks. Researchers Clément Lecigne and Zander Work of Google's Threat Intelligence Group were credited with the discovery of CVE-2025-40602. SonicWall strongly advised customers to apply the hotfixes for vulnerability, which are included in version 12.4.3-03245 and higher, and version 12.5.0-02283 and higher. Additional mitigations include restricting access to the AMC with SSH access only through a VPN or specific administrator IP address, or disabling the SSL VPN management interface in AMC and SSH access from the public Internet. "If CVE-2025-23006 has not been patched, the system is already exposed to a critical vulnerability. In this scenario, chaining CVE-2025-40602 does not materially increase the overall risk or attack surface," SonicWall said. The attacks on CVE-2025-40602 aren't the worst threats to SonicWall customers this year. In October, the vendor acknowledged that threat actors breached a cloud backup service and obtained the firewall configuration data of all customers using the service. Over the summer, customers were hit with a wave of attacks by the Akira ransomware gang. While researchers initially suspected the attacks stemmed from a new zero-day flaw under exploitation, SonicWall later confirmed that ransomware actors were exploiting an older vulnerability, CVE-2024-40766, affecting firewall devices. Related:Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical About the Author Rob Wright Senior News Director, Dark Reading Rob Wright is a longtime reporter with more than 25 years of experience as a technology journalist. Prior to joining Dark Reading as senior news director, he spent more than a decade at TechTarget's SearchSecurity in various roles, including senior news director, executive editor and editorial director. Before that, he worked for several years at CRN, Tom's Hardware Guide, and VARBusiness Magazine covering a variety of technology beats and trends. Prior to becoming a technology journalist in 2000, he worked as a weekly and daily newspaper reporter in Virginia, where he won three Virginia Press Association awards in 1998 and 1999. He graduated from the University of Richmond in 1997 with a degree in journalism and English. A native of Massachusetts, he lives in the Boston area.  More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like VULNERABILITIES & THREATS Microsoft Rushes Emergency Patch for Office Zero-Day by Jai Vijayan, Contributing Writer JAN 27, 2026 VULNERABILITIES & THREATS Critical Flaw in Oracle Identity Manager Under Exploitation by Rob Wright NOV 24, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 VULNERABILITIES & THREATS Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit by Kristina Beek, Associate Editor, Dark Reading MAR 17, 2025 Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ APPLICATION SECURITY Microsoft Patches 83 CVEs in March Update byJai Vijayan MAR 11, 2026 4 MIN READ THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE