Pierluigi Paganini
November 23, 2025
A new high-severity SonicOS SSLVPN flaw, tracked as CVE-2025-40601 (CVSS score of 7.5), allows attackers to crash SonicWall Gen7 and Gen8 firewalls. SonicWall is urging all customers to apply patches immediately, as the issue stems from a stack-based buffer overflow that can trigger a denial-of-service condition on vulnerable devices.
The vendor pointed out that the flaw “ONLY impacts the SonicOS SSLVPN interface or service if enabled on the firewall.” The company is not aware of attacks in the wild exploiting this vulnerability.
“A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.” reads the advisory.
“SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this vulnerability has not been reported to SonicWall.”
Below are the impacted platforms:
| Affected Platform(s) | Affected Version(s) |
Gen7 hardware Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W,TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700Gen7 virtual Firewalls (NSv) – NSV270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure) | 7.3.0-7012 and older versions(7.0.1 branch is not affected) |
| Gen8 Firewalls – TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, NSa 5800 | 8.0.2-8011 and older versions |
Admins who can’t patch yet should disable SonicOS SSLVPN or restrict firewall access to trusted sources to reduce exposure.
In early November, the cybersecurity firm attributed the September security breach exposing firewall configuration files to state-sponsored hackers.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, SonicOS SSLVPN)
