Security vulnerabilities: Attackers can disable SonicWall SonicOS SSLVPN

Security updates close vulnerabilities in SonicWall Email Security and SonicOS SSLVPN.

SonicWall's IT security solution Email Security and the remote access software SonicOS SSLVPN are vulnerable. If attackers exploit the now-closed security vulnerabilities, they can completely compromise systems in the worst-case scenario. Even though there are no reports of ongoing attacks so far, administrators should protect their instances promptly by installing security updates.

According to a security advisory, Email Security can be attacked via two software vulnerabilities. Because file integrity is not checked when downloading code, attackers can modify system files. In this way, they can establish persistence on the system, for example via a root file system image prepared with malicious code. The vulnerability (CVE-2025-40604) is classified with a threat level of “high.” However, for such an attack to succeed, attackers must have access to the data storage or VMDK.

Via the second vulnerability (CVE-2025-40605, “medium”), attackers can also manipulate data. Specifically affected are Email Security Appliance 5000, 5050, 7000, 7050, 9000, VMware, and Hyper-V. The developers state that the vulnerabilities have been closed in versions 10.0.34.8215 and 10.0.34.8223. All previous versions are said to be vulnerable.

According to information in a security advisory, SonicOS SSLVPN can be attacked via a vulnerability (CVE-2025-40601, “high”). Here, attackers can trigger memory errors, leading to crashes. How such DoS attacks could occur in detail is not yet known.

Various Gen7 and Gen8 firewalls are impacted, which the developers list in the security advisory. To protect systems, administrators must install at least version 7.3.1-7013 or 8.0.3-8011.

In October, SonicWall made headlines because attackers copied cloud backups of firewalls.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.