Overview
- SonicWall credits Google Threat Intelligence Group researchers Clément Lecigne and Zander Work with reporting CVE-2025-40602.
- Fixes are available in builds 12.4.3-03245 and 12.5.0-02283 or later, with SonicWall pressing customers to upgrade without delay.
- The company confirms in-the-wild exploitation and says the issue affects the SMA1000 Appliance Management Console, not SonicWall firewall products.
- Shadowserver reports more than 950 SMA1000 appliances exposed on the internet that could be at risk if not patched.
- SonicWall advises restricting AMC access to specific admin IPs and disabling public AMC and SSH, and it has not shared indicators of compromise or attribution details.