353/68 Friday, September 19, 2025
SonicWall has issued an advisory urging customers to reset their passwords and authentication tokens after discovering that firewall configuration backup files for some MySonicWall accounts were accessed without authorization. The incident raises concerns that attackers could exploit sensitive information, such as passwords, API keys, and tokens, to compromise firewall systems. The company stated that attacker access was immediately cut off and that it is working with cybersecurity authorities and law enforcement to assess the impact.
According to SonicWall, fewer than 5% of firewall appliances were affected. Attackers reportedly used brute-force techniques to exploit the cloud backup system’s API. While the backup files were password-protected, they may still contain configuration details that could aid exploitation. The company advised administrators to reset all related passwords, API keys, and tokens, including those used for VPN and LDAP/RADIUS services connected to SonicWall devices, and to temporarily disable or restrict WAN access for added security.
Although SonicWall confirmed there is no evidence that the files were leaked publicly or linked to ransomware, the incident comes shortly after Akira ransomware was confirmed to have exploited the SonicOS vulnerability CVE-2024-40766 to attack unpatched appliances. Security researchers are urging organizations to promptly apply the latest patches, review activity logs, and enforce stronger security controls to mitigate the risk of repeat attacks or unauthorized network access.
