Critical

Actively exploited SonicWall zero-day patched (CVE-2025-40602)

Help Net Security
Actively Exploited

Overview

SonicWall has issued a hotfix for a local privilege escalation vulnerability, identified as CVE-2025-40602, that affects its Secure Mobile Access (SMA) 1000 appliances. This flaw is currently being exploited by attackers, particularly in combination with another vulnerability, CVE-2025-23006, which allows for unauthenticated remote code execution with root privileges. Organizations using SMA 1000 appliances are at risk, as this could enable unauthorized access and control over their systems. SonicWall is urging all customers to apply the patch promptly to mitigate the risk of exploitation. The situation highlights the ongoing need for vigilance and timely updates in cybersecurity practices.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: SonicWall Secure Mobile Access (SMA) 1000 appliances
  • Action Required: Customers are advised to apply the hotfix provided by SonicWall to address the vulnerability.
  • Timeline: Newly disclosed

Original Article Summary

SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vulnerability was reported to be leveraged in combination with CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges,” the company said. About CVE-2025-40602 SonicWall Secure Mobile Access (SMA) 1000 appliances/gateways are used by large, distributed enterprises to allow employees … More → The post Actively exploited SonicWall zero-day patched (CVE-2025-40602) appeared first on Help Net Security.

Impact

SonicWall Secure Mobile Access (SMA) 1000 appliances

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Customers are advised to apply the hotfix provided by SonicWall to address the vulnerability.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Zero-day, Vulnerability, and 2 more.

Related Coverage

Dutch police bust investment fraud ring stealing over €100 million

BleepingComputer

Dutch police have arrested several individuals connected to an international investment fraud scheme that has reportedly defrauded over €100 million from tens of thousands of victims. The suspects are believed to have lured investors with promises of high returns, often targeting individuals through online platforms. This crackdown is part of a larger effort to combat financial fraud, which has been on the rise, particularly with the increase in online investment opportunities. The police are now investigating the full extent of the operation and are urging anyone who thinks they might have been a victim to come forward. The implications of this fraud ring are significant, as it not only affects individual investors but also undermines trust in legitimate investment practices.

Jul 15, 2026

Forgotten Bootloaders Expose Secure Boot Blind Spot

darkreading

Researchers have discovered that nearly a dozen UEFI shim bootloaders, which were deemed vulnerable and subsequently revoked, remained trusted for years. This oversight allowed attackers an opportunity to bypass the Secure Boot feature designed to protect systems from unauthorized software. The situation raises significant security concerns, particularly for users and organizations relying on Secure Boot to safeguard their devices. The affected bootloaders could have been exploited to run malicious code, potentially compromising the integrity of the systems. As this issue has persisted for some time, it highlights the need for better management of trusted software components in the boot process.

Jul 15, 2026

Europe built the world's strongest privacy law. WhatsApp just found the gap it doesn't cover.

SCM feed for Latest

A recent discussion around WhatsApp's use of usernames has raised concerns about privacy and identity verification. While usernames can enhance user privacy by allowing individuals to avoid sharing phone numbers, they also create a loophole that could be exploited for fraud. This change in how users identify themselves on the platform could make it easier for scammers to impersonate others, leading to increased risks for users. As WhatsApp continues to navigate these privacy features, the balance between protecting user identity and ensuring security is becoming more complicated. This situation is particularly relevant given the strong privacy laws in Europe that WhatsApp must comply with.

Jul 15, 2026

CISA warns that three SharePoint Server bugs are actively exploited

SCM feed for Latest

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about three vulnerabilities in SharePoint Server that are currently being exploited by attackers. Federal agencies have until July 17 to apply patches to mitigate the risks associated with these flaws. The vulnerabilities could allow unauthorized access and manipulation of sensitive data, posing a significant threat to organizations using these systems. It's crucial for users of SharePoint Server to take immediate action to protect their environments from potential breaches. Ignoring these vulnerabilities could lead to serious security incidents and data loss.

Jul 15, 2026

SonicWall customers under threat as attackers exploit 2 zero-days

CyberScoop

SonicWall customers are currently facing significant risks as attackers exploit two critical zero-day vulnerabilities. Researchers revealed that these flaws were actively targeted by hackers three weeks prior to SonicWall's disclosure and patching efforts. This means that many users may still be vulnerable to attacks if they haven't updated their systems. The exploitation of these vulnerabilities could lead to unauthorized access to sensitive information and compromise network security. It's crucial for organizations using SonicWall products to take immediate action to secure their systems against these threats.

Jul 15, 2026

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

The Hacker News

Cybersecurity researchers have identified a new Internet-of-Things (IoT) botnet framework called TuxBot v3 Evolution. This botnet appears to have been developed with some assistance from a large language model (LLM), although the results have not been entirely successful. Notably, when the developers prompted the AI to generate botnet code, it included a safety disclaimer that the developers did not remove. This incident raises concerns about the potential misuse of AI in creating malicious software. As IoT devices become more prevalent, any vulnerabilities or botnets that target them could impact a wide range of users and systems, making it crucial for manufacturers and users to enhance their security measures.

Jul 15, 2026