Ref# ADV2025_439 | Date: Dec 18th 2025

---

SonicWall published security advisories to address vulnerabilities in the following products on December 17, 2025. It is recommended that you take these necessary precautions by ensuring your products are always updated. 

• SMA 100 – versions 12.4.3-03093 (platform-hotfix) and prior 

• SMA 100 – versions 12.5.0-02002 (platform-hotfix) and prior 

 

Update 1 

On December 17, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-40602 to their Known Exploited Vulnerabilities (KEV) Database. 

Open-source reporting indicates that CVE-2025-40602 is being exploited. 

• SonicWall SMA1000 appliance local privilege escalation vulnerability 

• SonicWall Security Advisories 

• CISA KEV : CVE-2025-40602 

 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary. 

References 

• Security Advisory. (n.d.). https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 

• Security Advisory. (n.d.). https://psirt.global.sonicwall.com/vuln-list 

• Known Exploited Vulnerabilities Catalog | CISA. (n.d.). Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-40602 

• SonicWall Security Advisory. Update 1. (December 17th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/sonicwall-security-advisory-av25-845