CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

A zero-day local privilege escalation (CVE-2025-40602) in SonicWall Secure Mobile Access (SMA) 1000 was disclosed and reported as being exploited in the wild in a chained attack with CVE-2025-23006; together these flaws can enable unauthenticated attackers to achieve root code execution. SonicWall has published an advisory and fixed versions; administrators are advised to apply the provided patches or restrict AMC access as a workaround and review Tenable plugins for detection.