SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely

SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service that allows remote unauthenticated attackers to crash firewalls through denial-of-service attacks.

The vulnerability was internally discovered and reported by SonicWall’s security team. The flaw, tracked as CVE-2025-40601, carries a CVSS score of 7.5 and affects multiple generations of SonicWall firewall products.

| Field | Value |
|---|---|
| CVE ID | CVE-2025-40601 |
| CWE | CWE-121 |
| CVSS Score | 7.5 (High) |
| CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

Understanding the Vulnerability

The vulnerability exists in the SSLVPN service component of SonicOS and stems from a stack-based buffer overflow weakness (CWE-121).

An attacker can exploit it by sending specially crafted requests to the vulnerable SSLVPN interface without authentication, causing the affected firewall to crash and interrupting services.

SonicWall states that this vulnerability only impacts devices with the SSLVPN interface or service enabled on the firewall. Organizations that do not use this feature remain unaffected.

Currently, SonicWall PSIRT reports no active exploitation in the wild, and no proof-of-concept code has been publicly released.

| Platform | Models | Affected Versions | Fixed Version |
|---|---|---|---|
| Gen7 Hardware Firewalls | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700-6700, NSsp 10700-15700 | 7.3.0-7012 and older | 7.3.1-7013 and higher |
| Gen7 Virtual Firewalls (NSv) | NSv270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure) | 7.3.0-7012 and older | 7.3.1-7013 and higher |
| Gen8 Firewalls | TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800-5800 | 8.0.2-8011 and older | 8.0.3-8011 and higher |

The vulnerability impacts both Gen7 and Gen8 SonicWall firewalls across hardware and virtual platforms.

Gen7 devices running firmware versions 7.3.0-7012 and older are vulnerable, while Gen8 firewalls with versions 8.0.2-8011 and earlier are affected. SonicWall Gen6 firewalls and SMA 1000/100 series SSL VPN products are not impacted.

SonicWall strongly urges organizations to update to the patched firmware versions immediately.

Until patches can be applied, administrators should restrict SSLVPN access to trusted source IP addresses only or disable the service from untrusted internet sources by modifying existing access rules.
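To triage a fleet against the version table above, the following added example (not SonicWall's code) classifies each firewall by firmware version and SSLVPN state. The inventory rows, hostnames and status labels are constructed assumptions; the fixed versions come from the table.

```python
import re

# Fixed releases from the advisory table, keyed by SonicOS major version.
FIXED = {7: (7, 3, 1, 7013), 8: (8, 0, 3, 8011)}

# major.minor.patch[.extra]-build; the lookbehind stops a match starting mid-version.
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:\.\d+)*-(\d+)")


def parse_version(text):
    """Return (major, minor, patch, build) from e.g. 'SonicOS 7.3.0-7012', or None."""
    m = _VERSION.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(version_text, sslvpn_enabled):
    """Classify one firewall against the advisory's version table."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"        # check by hand; never assume it is safe
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-listed"      # advisory lists only Gen7 and Gen8 as affected
    if version >= fixed:
        return "patched"
    # Older than the fix: per the advisory, only impacted if SSLVPN is enabled.
    return "vulnerable" if sslvpn_enabled else "not-exposed"


def triage_inventory(rows):
    """rows: iterable of (name, version_text, sslvpn_enabled) tuples."""
    return {name: triage(ver, ssl) for name, ver, ssl in rows}


# Constructed sample inventory (hypothetical hostnames and states).
SAMPLE = [
    ("fw-branch-01", "SonicOS 7.3.0-7012", True),
    ("fw-branch-02", "SonicOS 7.3.1-7013", True),
    ("fw-dc-01", "8.0.2-8011", False),
    ("fw-dc-02", "8.0.3-8011", True),
    ("fw-legacy", "6.5.4.4-44v", True),
    ("fw-lab", "unknown", True),
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE).items():
        print(f"{name:14} {status}")
```

Devices reported as "not-exposed" still run firmware older than the fix and become vulnerable if SSLVPN is later enabled.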
