## https://sploitus.com/exploit?id=DF2DAE51-6436-5C88-A716-75FC9620630C
# CVE-2025-40602
CVE-2025-40602 is a local privilege escalation vulnerability in the appliance management console (AMC) of SonicWall Secure Mobile Access (SMA) 1000 series appliances. The vulnerability stems from insufficient authorization in the AMC, allowing authenticated remote attackers to escalate privileges on affected devices. When chained with CVE-2025-23006, attackers can achieve unauthenticated remote code execution with root privileges. This zero-day vulnerability has been actively exploited in the wild and was added to CISA's Known Exploited Vulnerabilities catalog on December 17, 2025.
## How does this detection method work?
This Nuclei template uses a strictly conservative detection approach that only flags explicitly verified vulnerable versions with complete build numbers. The template employs two active DSL matchers: `contains(version, "12.4.3-") && compare_versions(version, " How do I run this script?
1. Download and install [Nuclei](https://github.com/projectdiscovery/nuclei).
2. Clone this repostory to your local system.
3. Run the following command:
```sh
nuclei -u -t template.yaml
```
Or if you would like to scan a list of hosts, execute:
```sh
nuclei -l -t template.yaml
```
## References
- https://nvd.nist.gov/vuln/detail/CVE-2025-40602
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://thehackernews.com/2025/12/sonicwall-fixes-actively-exploited-cve.html
- https://www.tenable.com/blog/cve-2025-40602-sonicwall-secure-mobile-access-sma-1000-zero-day-exploited
- https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/
## Disclaimer
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
---
## License
This project is licensed under the MIT License.
## Contact
If you have any questions about this vulnerability detection script please reach out to me via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw).
If you would like to connect, I am mostly active on [Twitter/X](https://x.com/rxerium) and [LinkedIn](https://www.linkedin.com/in/rxerium/).