CRITICAL SECURITY NOTICE: NEW SSLVPN BUFFER OVERFLOW VULNERABILITY THREATENS SONICWALL DEPLOYMENTS

• 05/12/2025

SonicWall has issued an urgent security advisory regarding a newly discovered buffer overflow vulnerability affecting the SSLVPN service in SonicOS. Tracked as CVE-2025-40601 with a CVSS score of 7.5, this flaw allows unauthenticated remote attackers to crash the firewall and disrupt enterprise network connectivity.

Root Cause and Exploitation Method

According to SonicWall, the vulnerability stems from improper handling of input data size within the SSLVPN stack. This weakness enables remote attackers to send specially crafted data from the Internet, causing a Denial-of-Service (DoS) condition that forces the firewall to shut down and interrupts VPN connections. Only devices with the SSLVPN service or interface enabled are at risk.

Affected Devices

CVE-2025-40601 impacts multiple generations of SonicWall hardware and virtual firewalls:

• Gen7 Devices:

  • Hardware: TZ270, TZ370, TZ470, TZ570, TZ670, NSa 2700–6700, NSsp 10700–15700

  • Virtual Firewalls: NSv270, NSv470, NSv870

  • Affected Versions: 7.3.0-7012 and earlier

• Gen8 Devices:

  • Hardware: TZ80–TZ680, NSa 2800–5800

  • Affected Versions: 8.0.2-8011 and earlier

Note: Gen7 devices running version branch 7.0.1 are not affected.

No Patch Available – Immediate Actions Required

SonicWall has not yet released a patch for this flaw. While awaiting an official fix, administrators should implement the following mitigation steps immediately:

• Restrict SSLVPN access to trusted sources only

• Block untrusted Internet IPs from accessing SSLVPN

• Adjust firewall access rules to limit VPN access by user, service, destination, and WAN IP

• Closely monitor connection logs for suspicious activity

DTG Recommendations

This SSLVPN buffer overflow highlights how Internet-exposed VPN services continue to be prime targets for cyberattacks. A successful exploitation can take down critical firewall infrastructure and disrupt company-wide network operations.

DTG strongly advises organizations to:

• Review and validate all SSLVPN configurations

• Check whether deployed devices fall within the affected list

• Strengthen monitoring on network and VPN activity

• Prepare response plans ahead of SonicWall’s upcoming patches

DTG is ready to support businesses with risk assessments, mitigation strategies, and security best practices to ensure stable and protected network operations.

(According to Security Online)