

Ethical Hacking News

SonicWall Issues Urgent Patch for Critical SSLVPN Flaw Affecting Firewall Crashes



SonicWall has issued a high-priority alert about a critical security vulnerability in their SSLVPN interface, which could allow hackers to crash firewall systems. The company urges all affected customers to apply patches immediately and recommends disabling the SSLVPN service or restricting access from untrusted sources.

  • SonicWall has issued a high-priority alert about a critical security vulnerability in their SSLVPN interface.
  • The issue is due to a stack-based buffer overflow that can trigger a denial-of-service condition on vulnerable devices.
  • The vulnerability, CVE-2025-40601, has a CVSS score of 7.5 and affects certain versions of Gen7 and Gen8 firewall models.
  • The flaw affects only the SSLVPN interface or service, and only if it is enabled on the firewall.
  • According to SonicWall, malicious actors are currently unaware of the vulnerability and no exploitation in the wild has been reported, but the company urges customers to apply patches immediately.
  • Patches should be applied as soon as possible, especially for organizations with sensitive infrastructure.
  • Disabling the SSLVPN service or restricting access from untrusted sources can help mitigate exposure.



    SonicWall has issued a high-priority alert regarding a critical security vulnerability in their SSLVPN interface, which could potentially allow hackers to crash firewall systems. The company has warned that the issue stems from a stack-based buffer overflow that can trigger a denial-of-service condition on vulnerable devices.

    The latest vulnerability, identified as CVE-2025-40601 with a CVSS score of 7.5, was discovered by SonicWall's security team, who reported it to the company's Public Security Incident Response Team (PSIRT). According to SonicWall, this critical flaw affects certain versions of their Gen7 and Gen8 firewall models, including the TZ270, TZ370, and NSa series.

    In a statement released earlier today, SonicWall acknowledged that the vulnerability "ONLY impacts the SonicOS SSLVPN interface or service if enabled on the firewall." However, the company emphasized that malicious actors are currently unaware of the existence of this vulnerability in the wild. SonicWall assured its customers that no reports have been made public regarding the exploitation of this vulnerability.

    SonicWall urges all affected customers to apply patches immediately to prevent potential security breaches. The updates should be applied as soon as possible, especially for organizations with sensitive or critical infrastructure that relies on these firewall systems.

    To mitigate exposure until the patch can be applied, SonicWall recommends disabling the SSLVPN service or restricting access to it from untrusted sources. Admins who cannot patch yet can use these measures to limit the impact of a potential attack.

    The discovery of this vulnerability highlights the importance of timely security patches and diligent monitoring of known vulnerabilities. SonicWall's efforts to promptly disclose this issue demonstrate their commitment to protecting their customers' networks and systems.

    In light of this critical update, cybersecurity professionals are advised to keep an eye on SonicWall's official announcements regarding any additional information or guidance they may release.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/SonicWall-Issues-Urgent-Patch-for-Critical-SSLVPN-Flaw-Affecting-Firewall-Crashes-ehn.shtml

  • Published: Sun Nov 23 05:39:17 2025 by llama3.2 3B Q4_K_M












