A critical zero-day vulnerability, identified as CVE-2025-40602, affecting SonicWall Secure Mobile Access (SMA) 1000 series appliances is under active exploitation. This significant security flaw allows for remote code execution (RCE), posing a substantial risk to organizations utilizing these devices.

Security researchers have confirmed that threat actors are actively leveraging this vulnerability in the wild. The exploitation of CVE-2025-40602 can enable unauthorized access and control over affected SonicWall SMA 1000 devices, potentially leading to further network compromise.

Understanding CVE-2025-40602 and Its Impact

CVE-2025-40602 specifically targets SonicWall SMA 1000 series appliances. As a zero-day vulnerability, it means that the flaw was exploited before the vendor had developed and released a patch. The ability for remote code execution allows an attacker to run arbitrary commands on the vulnerable system, which can have severe consequences including data theft, system disruption, or deployment of additional malicious payloads.

Immediate Action Required for SonicWall Users

Organizations operating SonicWall SMA 1000 series appliances must prioritize immediate action to mitigate the risks associated with CVE-2025-40602. SonicWall has released patches to address this vulnerability. Applying these updates promptly is essential to protect against ongoing exploitation attempts. Additionally, monitoring network logs for any suspicious activity originating from or targeting SMA 1000 devices is recommended.

Source: https://www.tenable.com/blog/cve-2025-40602-sonicwall-secure-mobile-access-sma-1000-zero-day-exploited