PT-2025-47543 · Sonicwall · Sonicos

Saikiran Madugula · Published 2025-07-19 · Updated 2025-12-28 · CVE-2025-40601

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

SonicWall SonicOS and Affected Versions

SonicWall versions prior to 7.3.1-7013
SonicWall versions prior to 8.0.3-8011
SonicWall versions 7.3.0-7012 and older
SonicWall versions 8.0.2-8011 and older

Description

A stack-based buffer overflow vulnerability exists in the SonicOS SSLVPN service. This flaw allows a remote, unauthenticated attacker to cause a Denial of Service (DoS), potentially crashing the affected firewall. The vulnerability impacts SonicWall Gen7 and Gen8 firewalls when the SSLVPN interface or service is enabled. Approximately 10.7K services and 51.1k instances are found exposed yearly. While no active exploitation has been reported, the vulnerability is considered high-severity. The vulnerability is triggered by a stack-based buffer overflow.

Recommendations

Update to SonicOS version 7.3.1-7013 or higher.
Update to SonicOS version 8.0.3-8011 or higher.
Restrict SSL VPN access to trusted IP addresses.
Disable SSL VPN access for untrusted sources.

Fix · DoS · Stack Overflow · Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-14521
CVE-2025-40601

Affected Products

Sonicos