Code Defence Cyber security

CISA KEV Reminder: Cisco and SonicWall Patch Deadlines Expired

The CISA remediation deadline for critical vulnerabilities in Cisco Secure Email (CVE-2025-20393) and SonicWall SMA1000 (CVE-2025-40602) officially expired on December 24. Any organization still running these internet-facing devices without the latest patches is now in a state of high-risk non-compliance and is likely being actively scanned by nation-state actors.

Business Impact

Failure to patch these “edge” devices is like leaving the front door unlocked during a holiday break. These vulnerabilities allow unauthenticated remote code execution or privilege escalation, either of which serves as the first step for ransomware groups like Salt Typhoon and various APT groups.

Why It Happened

These flaws target foundational networking infrastructure that is often difficult to patch without downtime. Attackers recognize that organizations are slow to update these critical “backbone” routers and gateways during the busy December period.

Recommended Executive Action

Run an emergency audit of your perimeter devices today. If the Cisco or SonicWall appliances have not been updated, they must be isolated from the network immediately until remediation is confirmed. Check for signs of unauthorized admin account creation in the logs.
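The audit step above can be scripted; the following is an added example, not code from this site, CISA, or either vendor. The KEV excerpt and the inventory are constructed: hostnames, patch state, the exact product strings, and the year in `dueDate` are assumptions.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (cveID,
# vendorProject, product, dueDate). The year in dueDate is an assumption,
# and real feed product strings may differ from your inventory's naming.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-20393", "vendorProject": "Cisco",
   "product": "Secure Email", "dueDate": "2025-12-24"},
  {"cveID": "CVE-2025-40602", "vendorProject": "SonicWall",
   "product": "SMA1000", "dueDate": "2025-12-24"}
]}
""")

# Constructed inventory: hosts, exposure and patch state are hypothetical.
INVENTORY = [
    {"host": "mail-gw-01", "vendor": "Cisco", "product": "Secure Email",
     "internet_facing": True, "patched_cves": []},
    {"host": "vpn-01", "vendor": "SonicWall", "product": "SMA1000",
     "internet_facing": True, "patched_cves": ["CVE-2025-40602"]},
    {"host": "mail-gw-lab", "vendor": "Cisco", "product": "Secure Email",
     "internet_facing": False, "patched_cves": []},
]

def audit(inventory, kev, today):
    """Return one finding per (device, KEV entry) that is still unpatched."""
    findings = []
    for dev in inventory:
        for v in kev["vulnerabilities"]:
            if (dev["vendor"], dev["product"]) != (v["vendorProject"], v["product"]):
                continue  # KEV entry does not apply to this device
            if v["cveID"] in dev["patched_cves"]:
                continue  # remediation already recorded
            overdue = today > date.fromisoformat(v["dueDate"])
            # Past the deadline and exposed: isolate until remediation is confirmed.
            action = "ISOLATE" if overdue and dev["internet_facing"] else "PATCH"
            findings.append({"host": dev["host"], "cve": v["cveID"],
                             "overdue": overdue, "action": action})
    return findings

if __name__ == "__main__":
    for f in audit(INVENTORY, KEV_SAMPLE, date.today()):
        print(f"{f['action']:8} {f['host']:12} {f['cve']} overdue={f['overdue']}")
```

Devices flagged `ISOLATE` are the ones whose logs should be reviewed first for unauthorized admin account creation.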

Hashtags: #CISA #KEV #Cisco #SonicWall #Vulnerability #Compliance #PatchAlert #NetworkSecurity #InfoSec
