CVE-2025-40602

Medium KEV CVSS: 6.6

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Vendor

Product

CWE

Yayın Tarihi

2025-12-18 11:15:46

Güncelleme

2025-12-19 13:57:43

Source Identifier

PSIRT@sonicwall.com

KEV Date Added

2025-12-17

CWE-250 Sma6200 Firmware MEDIUM Sonicwall 2025

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40602

Medium

CVE-2026-3439

A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker…

Medium

CVE-2026-0400

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

Medium

CVE-2026-0401

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

Medium

CVE-2026-0402

A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

Medium

CVE-2026-0399

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to impr…

High

CVE-2025-40601

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to ca…