{"id":8627,"date":"2025-11-21T10:03:41","date_gmt":"2025-11-21T10:03:41","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/11\/21\/sonicos-sslvpn-vulnerability-let-attackers-crash-the-firewall-remotely\/"},"modified":"2025-11-21T10:03:41","modified_gmt":"2025-11-21T10:03:41","slug":"sonicos-sslvpn-vulnerability-let-attackers-crash-the-firewall-remotely","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/11\/21\/sonicos-sslvpn-vulnerability-let-attackers-crash-the-firewall-remotely\/","title":{"rendered":"SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely"},"content":{"rendered":"

SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That allows remote unauthenticated attackers to crash firewalls through denial-of-service<\/a> attacks.<\/p>\n

The vulnerability was internally discovered and reported by SonicWall\u2019s security team. The flaw, tracked as\u00a0CVE-2025-40601, carries a CVSS score of 7.5 and affects multiple generations of SonicWall firewall<\/a> products.<\/p>\n

\n\n\n\n\n\n\n\n\n
Field<\/th>\nValue<\/th>\n<\/tr>\n<\/thead>\n
CVE ID<\/td>\nCVE-2025-40601<\/td>\n<\/tr>\n
CWE<\/td>\nCWE-121<\/td>\n<\/tr>\n
CVSS Score<\/td>\n7.5 (High)<\/td>\n<\/tr>\n
CVSS Vector<\/td>\nCVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Understanding the Vulnerability<\/strong><\/h2>\n

The vulnerability exists in the SSLVPN service component of SonicOS and stems from a stack-based buffer overflow<\/a> weakness (CWE-121).<\/p>\n

When exploited, an attacker can send specially crafted requests to the vulnerable SSLVPN interface without authentication, causing the affected firewall to crash and interrupting services.<\/p>\n

SonicWall states that this vulnerability only impacts devices with the SSLVPN <\/a>interface or service enabled on the firewall. Organizations that do not use this feature remain unaffected.<\/p>\n

Currently, SonicWall PSIRT reports no active exploitation in the wild, and no proof-of-concept code has been publicly released.<\/p>\n

\n\n\n\n\n\n\n\n
Platform<\/th>\nModels<\/th>\nAffected Versions<\/th>\nFixed Version<\/th>\n<\/tr>\n<\/thead>\n
Gen7 Hardware Firewalls<\/td>\nTZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700-6700, NSsp 10700-15700<\/td>\n7.3.0-7012 and older<\/td>\n7.3.1-7013 and higher<\/td>\n<\/tr>\n
Gen7 Virtual Firewalls (NSv)<\/td>\nNSv270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure)<\/td>\n7.3.0-7012 and older<\/td>\n7.3.1-7013 and higher<\/td>\n<\/tr>\n
Gen8 Firewalls<\/td>\nTZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800-5800<\/td>\n8.0.2-8011 and older<\/td>\n8.0.3-8011 and higher<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

The vulnerability impacts both Gen7 and Gen8 SonicWall firewalls across hardware and virtual platforms.<\/p>\n

Gen7 devices running firmware versions 7.3.0-7012 and older are vulnerable, while Gen8 firewalls with versions 8.0.2-8011 and earlier are affected. SonicWall Gen6 firewalls and SMA 1000\/100 series SSL VPN products are not impacted.<\/p>\n

SonicWall strongly urges<\/a> organizations to update to the patched firmware versions immediately.<\/p>\n

Until patches can be applied, administrators should restrict SSLVPN access to trusted source IP addresses only or disable the service from untrusted internet sources by modifying existing access rules.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That allows remote unauthenticated attackers to crash firewalls through denial-of-service attacks. The vulnerability was internally discovered and reported by SonicWall\u2019s security team. The flaw, tracked as\u00a0CVE-2025-40601, carries a CVSS score of 7.5 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-8627","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8627"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=8627"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8627\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=8627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=8627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=8627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}