Affected Vendors
- SonicWall: 1 CVE
This was a light week in router and network appliance vulnerabilities, with just one new CVE reported. While the volume is modest, the issue affects a widely deployed product line and warrants attention from administrators managing SonicWall infrastructure.
This Week's Vulnerability
CVE-2025-40603 (Medium, CVSS 4.5) impacts SonicWall SMA100 Series appliances. The vulnerability allows a remote, authenticated administrator to view partial user credentials exposed in log files under certain conditions. While this requires valid administrator access, credential exposure in logs is a notable security concern—especially in environments where log files are accessed by multiple team members or forwarded to centralized logging systems.
What you should do: If you operate SonicWall SMA100 Series appliances, check the SonicWall security advisories portal for available patches. Review your current firmware version and plan an update timeline. Additionally, audit your log file access controls to ensure that sensitive information in logs is restricted to authorized personnel only. Consider implementing log scrubbing or masking for credential data if not already in place.
For most environments, this is a medium-priority issue, but it should be included in your next maintenance window.
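The log scrubbing suggested above, sketched as an added example (not SonicWall code and not part of the original write-up): a Python filter that masks credential-like fields before lines are forwarded to centralized logging. The field names, patterns and sample lines are constructed assumptions, not real SMA100 log output.

```python
import re

# Field names treated as secrets. This list is an assumption; extend it after
# reviewing what your own appliance logs actually contain.
SECRET_KEYS = r"(?:password|passwd|pwd|secret|token)"

PATTERNS = [
    # key=value or key: value. The value may be quoted, unquoted, or cut off
    # mid-quote (partial credentials), so an unterminated quote still matches.
    (re.compile(rf'(?i)\b([\w.-]*{SECRET_KEYS})(\s*[=:]\s*)("[^"]*"|[^\s,;&]+)'),
     r"\1\2[REDACTED]"),
    # HTTP Authorization header values
    (re.compile(r"(?i)\b(Authorization:\s*(?:Basic|Bearer)\s+)\S+"),
     r"\1[REDACTED]"),
    # user:password@host embedded in a URL
    (re.compile(r"(?i)\b([a-z][a-z0-9+.-]*://[^\s/:@]+:)[^\s/@]+(@)"),
     r"\1[REDACTED]\2"),
]


def scrub(line: str) -> tuple[str, int]:
    """Return the masked line and the number of substitutions made."""
    hits = 0
    for pattern, repl in PATTERNS:
        line, n = pattern.subn(repl, line)
        hits += n
    return line, hits


# Constructed sample lines for illustration; not real appliance output.
SAMPLE = [
    'Jan 10 12:00:01 vpn01 httpd: login user="alice" password="Summ',
    "Jan 10 12:00:02 vpn01 auth: bind ldap://svc:Hunter2@dc01.example.test/ failed",
    "Jan 10 12:00:03 vpn01 httpd: GET /portal?user=bob&pwd=abc12 200",
    "Jan 10 12:00:04 vpn01 kernel: link eth0 up",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        masked, hits = scrub(raw)
        # The hit count lets you alert on sources that keep logging secrets.
        print(f"[{hits}] {masked}")
```

Run the filter at the forwarding stage, before lines leave the host, and treat a non-zero hit count as a signal that the source itself still needs fixing or patching.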