SonicWall has rolled out fixes to tackle a safety flaw in Safe Cellular Entry (SMA) 100 collection home equipment that it mentioned has been actively exploited within the wild.
The vulnerability, tracked as CVE-2025-40602 (CVSS rating: 6.6), considerations a case of native privilege escalation that arises on account of inadequate authorization within the equipment administration console (AMC).
It impacts the next variations –
- 12.4.3-03093 (platform-hotfix) and earlier variations – Mounted in 12.4.3-03245 (platform-hotfix)
- 12.5.0-02002 (platform-hotfix) and earlier variations – Mounted in 12.5.0-02283 (platform-hotfix)
“This vulnerability was reported to be leveraged together with CVE-2025-23006 (CVSS rating 9.8) to attain unauthenticated distant code execution with root privileges,” SonicWall mentioned.
It is price noting that CVE-2025-23006 was patched by the corporate in late January 2025 in model 12.4.3-02854 (platform-hotfix).
Clément Lecigne and Zander Work of Google Risk Intelligence Group (GTIG) have been credited with discovering and reporting CVE-2025-40602. There are presently no particulars on the size of the assaults and who’s behind the efforts.
Again in July, Google mentioned it is monitoring a cluster named UNC6148 that is focusing on fully-patched end-of-life SonicWall SMA 100 collection gadgets as a part of a marketing campaign designed to drop a backdoor known as OVERSTEP. It is presently not clear if these actions are associated.
In gentle of energetic exploitation, it is important that SonicWall SMA 100 collection customers apply the fixes as quickly as doable.
