SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges.

According to SonicWall, this medium-severity local privilege escalation security flaw (CVE-2025–40602) was reported by Clément Lecigne and Zander Work of the Google Threat Intelligence Group, and doesn’t affect SSL-VPN running on SonicWall firewalls.

“SonicWall PSIRT strongly advises users of the SMA1000 product to upgrade to the latest hotfix release version to address the vulnerability,” the company said in a Wednesday advisory.