Security
Exploiting a New Vulnerability: How Hackers Can Disable SonicWall Firewalls
SonicWall Urges Customers to Patch High-Severity SSLVPN Security Flaw
Recent cybersecurity reports have highlighted a critical security flaw in SonicWall’s SonicOS SSLVPN service. The vulnerability, tracked as CVE-2025-40601, poses a significant threat to vulnerable Gen8 and Gen7 firewalls, both hardware and virtual. This flaw, a stack-based buffer overflow, allows attackers to crash affected firewalls, leading to potential Denial of Service (DoS) attacks.
SonicWall has emphasized the importance of patching this vulnerability promptly to prevent any exploitation. While there have been no reports of active exploitation in the wild or the release of a Proof of Concept (PoC), the company advises network defenders to take precautionary measures to safeguard their systems.
Notably, SonicWall has confirmed that its Gen6 firewalls and SMA 1000/100 series SSL VPN products are not vulnerable to this specific attack. However, to ensure comprehensive security, the company encourages all users to follow the guidance provided in the latest security advisory.
Affected Platforms and Fixed Versions
| Affected Platforms | Fixed versions |
|
Gen7 hardware Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 Gen7 virtual Firewalls (NSv) – NSV270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure) |
7.3.1-7013 and higher versions |
| Gen8 Firewalls – TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, NSa 5800 | 8.0.3-8011 and higher versions |
For administrators unable to immediately deploy the security updates, SonicWall recommends disabling the SonicOS SSLVPN service or implementing restrictions to limit access to trusted sources.
Aside from the SSLVPN vulnerability, SonicWall has also addressed two critical vulnerabilities affecting its Email Security appliances. These vulnerabilities (CVE-2025-40604 and CVE-2025-40605) could enable remote attackers to execute arbitrary code and access restricted information. Users of Email Security products are strongly advised to upgrade to the latest versions for enhanced protection.
Recent incidents, including a state-sponsored breach in September and the discovery of Overstep rootkit malware targeting SMA 100 series devices, underscore the importance of proactive security measures. SonicWall continues to enhance its security protocols to mitigate potential risks and protect its users.
Amidst budget season, over 300 CISOs and security leaders have shared insights on planning, spending, and prioritizing for the upcoming year. Gain valuable information on emerging trends and strategic benchmarks to navigate the evolving cybersecurity landscape.
Discover how top leaders are translating investments into tangible outcomes.
Revolutionizing the Road: Apple’s CarPlay Welcomes Third-Party Chatbots
Barclays Banking on AI: Driving Efficiency and Profitability
Greening the Economy: Enhancing Health and Sustainability through Digital Innovation
Mercedes-AMG GLC 53 Unleashed: Powering Up with a 6-Cylinder Engine and Drift Mode
Ultimate Power in Your Hands: The $4,299 Ayaneo Windows Handheld
Monster Hunter Wilds Anniversary: A Collab with its Kid-Friendly Cousin and Exciting DLC Updates
Power Up with the Ugreen Zapix 200W: A Comprehensive 8-Port Charging Station Review
Unleashing the Potential of AI: The Brain as the Foundation, not the Limit
Microsoft Unveils Windows 11 26H1: Compatibility with Select and Future CPUs
EU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
Warning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
Facebook Compliance: ICE-tracking Page Removed After US Government Intervention
InstaDub: Meta’s AI Translation Tool for Instagram Videos
Facebook’s New Look: A Blend of Instagram’s Style
Facebook and Instagram to Reduce Personalized Ads for European Users
Reclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
Meta discontinues Messenger apps for Windows and macOS
Breaking Updates: Meta Connect 2025 Unveils Latest Developments
POCO X4 Pro Review – $250 iPhone Destroyer?
10 Million!
17 WILDEST Inventions you won’t believe are REAL.
Apple’s 2022 products are even CRAZIER than you think.
I tested the CHEAPEST Gadgets on the Internet.
I bought the THINNEST Tech in the world.
The Samsung Smartphone Scandal: Explained
14 Products that give you REAL SUPERPOWERS.
I tested Viral TikTok Life Hacks – are they a SCAM!?
-
Facebook4 months agoEU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
-
Facebook4 months agoWarning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
-
Facebook4 months agoFacebook Compliance: ICE-tracking Page Removed After US Government Intervention
-
Facebook4 months agoInstaDub: Meta’s AI Translation Tool for Instagram Videos
-
Facebook2 months agoFacebook’s New Look: A Blend of Instagram’s Style
-
Facebook2 months agoFacebook and Instagram to Reduce Personalized Ads for European Users
-
Facebook2 months agoReclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
-
Apple4 months agoMeta discontinues Messenger apps for Windows and macOS
