SonicWall Devices Under Attack via New Zero-Day Vulnerability

SonicWall's new zero-day flaw CVE-2025-40602 is exploited; apply urgent fixes to prevent privilege escalation attacks.

By Content Team

Dec 19, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

SonicWall disclosed that hackers are actively exploiting a new zero-day vulnerability (CVE-2025-40602) in its SMA1000 access devices. The medium-severity flaw allows privilege escalation and is being chained with an older critical vulnerability from January attacks.

Google researchers discovered the vulnerability, which stems from insufficient authorization in the device management console. SonicWall urges customers to immediately apply hotfixes in versions 12.4.3-03245 and 12.5.0-02283 or higher.

This marks another challenging year for SonicWall customers, following October's cloud backup breach that exposed all customer firewall configurations and summer ransomware attacks by the Akira gang.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

ICO Says Sultana's Unauthorised Party Launch May Be Criminal Matter for Police

Jan 10, 2026

Instagram Fixes Password Reset Bug as Old Data Leak Resurfaces

Jan 12, 2026

Critical Zlib Vulnerability Allows Buffer Overflow Attacks Through Command Line

Jan 12, 2026

What to Do When You Get a Data Breach Notice

Mar 4, 2026