SonicWall has rolled out fixes to handle a security flaw in Safe Cell Entry (SMA) 100 collection home equipment that it stated has been actively exploited within the wild.
The vulnerability, tracked as CVE-2025-40602 (CVSS rating: 6.6), issues a case of native privilege escalation that arises because of inadequate authorization within the equipment administration console (AMC).
It impacts the next variations –
- 12.4.3-03093 (platform-hotfix) and earlier variations – Mounted in 12.4.3-03245 (platform-hotfix)
- 12.5.0-02002 (platform-hotfix) and earlier variations – Mounted in 12.5.0-02283 (platform-hotfix)
“This vulnerability was reported to be leveraged together with CVE-2025-23006 (CVSS rating 9.8) to attain unauthenticated distant code execution with root privileges,” SonicWall stated.
It is price noting that CVE-2025-23006 was patched by the corporate in late January 2025 in model 12.4.3-02854 (platform-hotfix).
Clément Lecigne and Zander Work of Google Menace Intelligence Group (GTIG) have been credited with discovering and reporting CVE-2025-40602. There are presently no particulars on the size of the assaults and who’s behind the efforts.
Again in July, Google stated it is monitoring a cluster named UNC6148 that is focusing on fully-patched end-of-life SonicWall SMA 100 collection units as a part of a marketing campaign designed to drop a backdoor known as OVERSTEP. It is presently not clear if these actions are associated.
In gentle of energetic exploitation, it is important that SonicWall SMA 100 collection customers apply the fixes as quickly as doable.
