SonicWall disclosed that hackers are actively exploiting a new zero-day vulnerability (CVE-2025-40602) in its SMA1000 access devices. The medium-severity flaw allows privilege escalation and is being chained with an older critical vulnerability from January attacks.
Google researchers discovered the vulnerability, which stems from insufficient authorization in the device management console. SonicWall urges customers to immediately apply hotfixes in versions 12.4.3-03245 and 12.5.0-02283 or higher.
This marks another challenging year for SonicWall customers, following October's cloud backup breach that exposed all customer firewall configurations and summer ransomware attacks by the Akira gang.
Source: Dark Reading