Tuesday, November 25, 2025

SonicWall has issued a security advisory regarding a high-severity buffer overflow vulnerability in the SonicOS SSLVPN service, identified as CVE-2025-40601 (CVSS 7.5). The flaw allows unauthenticated remote attackers to trigger a Denial-of-Service (DoS) condition, causing Gen7 and Gen8 firewalls to reboot or stop functioning.
The vulnerability is only reachable on devices with the SonicOS SSLVPN service enabled. Impacted devices include both physical and virtual (NSv) Gen7 firewalls running firmware version 7.3.0-7012 or earlier, as well as Gen8 firewalls running version 8.0.2-8011 or earlier. SonicWall reports that no active exploitation or public Proof-of-Concept (PoC) code has been observed at this time.
SonicWall strongly advises all users to upgrade to a firmware release later than the affected versions as soon as possible. For administrators who cannot update right away, the mitigation is to reduce the attack surface of the affected service: temporarily disable SSLVPN, or restrict access to the SSLVPN listener so that only trusted source addresses can reach it. Note that because the flaw is pre-authentication, strong credentials or MFA on the VPN do not mitigate it; only removing or limiting network reachability of the service does.
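The two conditions above (firmware at or below the listed build, and SSLVPN enabled) are easy to encode as an inventory check. The following is an added example written for this page, not code from SonicWall or from the advisory. It assumes SonicOS version strings of the form `major.minor.patch-build` (e.g. `7.3.0-7012`), that major version 7 corresponds to Gen7 and 8 to Gen8, and that anything above the listed build is outside the affected range; the device names and versions in `SAMPLE_INVENTORY` are constructed for illustration.

```python
import re

# Thresholds from the advisory summary: the listed build or anything earlier is affected.
# Keyed by SonicOS major version. Mapping major 7 -> Gen7 and major 8 -> Gen8 is an
# assumption of this example, not a statement taken from the advisory.
AFFECTED_THROUGH = {
    7: (7, 3, 0, 7012),  # Gen7, physical and NSv: 7.3.0-7012 or earlier
    8: (8, 0, 2, 8011),  # Gen8: 8.0.2-8011 or earlier
}

# Dotted numeric release followed by "-<build>"; any trailing suffix (e.g. the "n"
# seen on some Gen6 strings) is tolerated and ignored for comparison purposes.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)+)-(\d+)")


def parse_sonicos_version(version):
    """Turn '7.3.0-7012' into the comparable tuple (7, 3, 0, 7012)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {version!r}")
    dotted = tuple(int(part) for part in m.group(1).split("."))
    return dotted + (int(m.group(2)),)


def assess(version, sslvpn_enabled):
    """Classify one firewall against the advisory.

    Returns one of:
      'not-listed'                      - major version not covered by the advisory
      'above-affected-range'            - build newer than the listed cutoff
      'affected-build-sslvpn-disabled'  - vulnerable code present but not reachable
      'exposed'                         - affected build and SSLVPN enabled
    """
    parsed = parse_sonicos_version(version)
    threshold = AFFECTED_THROUGH.get(parsed[0])
    if threshold is None:
        return "not-listed"
    if len(parsed) != len(threshold):
        raise ValueError(f"unexpected version layout for major {parsed[0]}: {version!r}")
    if parsed > threshold:
        return "above-affected-range"
    if not sslvpn_enabled:
        return "affected-build-sslvpn-disabled"
    return "exposed"


def triage(inventory):
    """inventory: iterable of (name, version, sslvpn_enabled) -> {name: status}."""
    return {name: assess(version, enabled) for name, version, enabled in inventory}


def needs_action(inventory):
    """Names of devices that are reachable on an affected build, sorted for reporting."""
    return sorted(name for name, status in triage(inventory).items() if status == "exposed")


# Constructed sample inventory (hypothetical device names and states).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "7.3.0-7012", True),      # at the cutoff, SSLVPN on
    ("fw-nsv-lab", "7.1.3-7015", False),       # older branch, SSLVPN off
    ("fw-hq-gen8", "8.0.2-8011", True),        # Gen8 at the cutoff, SSLVPN on
    ("fw-hq-gen8-2", "8.0.2-8012", True),      # hypothetical later build
    ("fw-legacy", "6.5.4.15-117n", True),      # Gen6 string, not in the advisory
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name:14s} {status}")
    print("action required:", ", ".join(needs_action(SAMPLE_INVENTORY)))
```

The comparison is a plain tuple comparison, so a lower minor release (7.1.x) is correctly treated as earlier than the 7.3.0 cutoff even when its build number is larger. Devices that come back as `affected-build-sslvpn-disabled` still carry the vulnerable code and should be scheduled for the upgrade; the status only means the pre-authentication path is not currently reachable.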
