Key Findings SonicWall has released fixes to address a security flaw, CVE-2025-40602, in its Secure Mobile Access (SMA) 100 series appliances. The vulnerability, with a CVSS score of 6.6, allows for local privilege escalation due to insufficient authorization in the appliance management console (AMC). The vulnerability was reported to be exploited in combination with CVE-2025-23006 (CVSS 9.8) to achieve unauthenticated remote code execution with root privileges. CVE-2025-2300
