Published on November 21, 2025
New SonicWall SonicOS flaw allows hackers to crash firewalls
Severity
Medium
Cybersecurity firm SonicWall has issued an urgent advisory instructing customers to apply patches for a high severity SonicOS SSLVPN flaw that could enable attackers to crash affected firewalls.
Identified as CVE-2025-40601, this denial-of-service vulnerability is caused by a stack-based buffer overflow impacting Gen8 and Gen7 (hardware and virtual) firewalls.
| CVE Number | Description | CVSS Score (Severity) |
| CVE-2025-40601 | A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | 7.5 (High) |
SonicWall PSIRT confirmed that there is currently no evidence of active exploitation in the wild. No proof of concept code has surfaced publicly and no malicious activity linked to this vulnerability has been reported to the company.
Affected Version
| Affected Platforms | Affected Versions |
| Gen7 hardware Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 | 7.3.0-7012 and older versions (7.0.1 branch is not affected) |
| Gen7 virtual Firewalls (NSv) – NSV270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure) | |
| Gen8 Firewalls – TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, NSa 5800 | 8.0.2-8011 and older versions |
The company also clarified that Gen6 firewalls, as well as the SMA 1000 and SMA 100 series SSL VPN products, are not affected by this vulnerability.
Recommendation
SonicWall strongly advises administrators to apply the available updates as soon as possible to ensure their systems are fully protected.
| Affected Platforms | Fixed versions |
| Gen7 hardware Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 | 7.3.1-7013 and higher versions |
| Gen7 virtual Firewalls (NSv) – NSV270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure) | |
| Gen8 Firewalls – TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, NSa 5800 | 8.0.3-8011 and higher versions |
As a temporary precaution until patches are deployed, SonicWall PSIRT strongly advises administrators to restrict SonicOS SSLVPN access to trusted sources or disable SSLVPN service from untrusted internet locations by modifying the existing access rules. This approach ensures that only trusted IP addresses have access.
Source
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016