PatchSiren cyber security CVE debrief
CVE-2025-40602 SonicWall CVE debrief
CVE-2025-40602 is a SonicWall SMA1000 appliance missing authorization vulnerability that was added to CISA’s Known Exploited Vulnerabilities catalog on 2025-12-17. Because it is a KEV-listed issue, defenders should treat it as a high-priority remediation item, especially for any internet-accessible SMA1000 deployments. CISA’s guidance is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use if mitigations are unavailable, and then check for signs of compromise on exposed instances.
- Vendor: SonicWall
- Product: SMA1000 appliance
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2025-12-17
- Original CVE updated: 2025-12-17
- Advisory published: 2025-12-17
- Advisory updated: 2025-12-17
Who should care
Security and operations teams responsible for SonicWall SMA1000 appliances, especially those exposed to the internet or used as remote access gateways, should prioritize this immediately. Incident responders should also review affected environments for compromise indicators after mitigation.
Technical summary
The supplied sources identify CVE-2025-40602 as a missing authorization vulnerability in the SonicWall SMA1000 appliance. The source corpus does not provide exploit mechanics, affected versions, or a CVSS score, but CISA’s KEV listing indicates the issue is considered actively exploited or sufficiently credible for mandatory prioritization. The most actionable technical signal in the corpus is that internet-accessible SMA1000 instances should be checked for compromise after mitigations are applied.
Defensive priority
Critical for exposed SonicWall SMA1000 environments because the vulnerability is on CISA’s Known Exploited Vulnerabilities catalog with a one-week remediation deadline (due 2025-12-24).
Recommended defensive actions
- Apply SonicWall vendor mitigations as soon as possible.
- If mitigations are unavailable, discontinue use of the product per CISA guidance.
- Follow applicable BOD 22-01 guidance for cloud services where relevant.
- Inventory all SonicWall SMA1000 instances, especially internet-facing deployments.
- After mitigation, inspect exposed SMA1000 systems for signs of potential compromise.
- Validate that any compensating controls remain in place until remediation is complete.
Evidence notes
CISA’s KEV record names the issue as "SonicWall SMA1000 Missing Authorization Vulnerability," lists SonicWall SMA1000 appliance as the product, and sets the due date to 2025-12-24. The KEV entry also instructs defenders to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use if mitigations are unavailable, and to check internet-accessible SonicWall SMA1000 instances for signs of compromise. The supplied corpus does not include a CVSS score, affected-version range, or exploit details beyond the KEV designation.
Official resources
- CVE-2025-40602 CVE record (CVE.org)
- CVE-2025-40602 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable
- Source item URL: cisa_kev
CVE published and modified on 2025-12-17; CISA KEV also lists the issue on 2025-12-17 with remediation due by 2025-12-24.