SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance

Posted on By CWS

SonicWall this week rolled out fixes for high-severity vulnerabilities that may enable attackers to crash firewalls or execute arbitrary recordsdata on Electronic mail Safety home equipment.

Over 30 SonicWall Gen7 and Gen8 firewalls are affected by a stack-based buffer overflow bug within the SonicOS SSL VPN service that could possibly be exploited remotely, with out authentication, to trigger a denial-of-service (DoS) situation resulting in system crashes.

Tracked as CVE-2025-40601 (CVSS rating of seven.2), the problem impacts solely firewalls which have the SonicOS SSLVPN interface or service enabled.

The weak spot was resolved with the discharge of SonicOS variations 7.3.1-7013 and eight.0.2-8011. SonicWall Gen6 firewalls and the SMA 1000 and SMA 100 collection home equipment are usually not affected.

Till they will apply the newly launched fixes, prospects are suggested to restrict SonicOS SSL VPN entry to trusted supply IP addresses, and disable entry from untrusted sources.

SonicWall’s Electronic mail Safety home equipment acquired fixes for 2 safety defects, together with a high-severity flaw that enables attackers to switch system recordsdata and acquire arbitrary code execution.

The primary vulnerability, tracked as CVE-2025-40604 (CVSS rating of seven.2), exists as a result of the home equipment don’t confirm the signature of loaded root filesystem pictures.

The second bug, CVE-2025-40605 (CVSS rating of 4.9), is described as a path traversal concern that may be exploited to control file system paths.Commercial. Scroll to proceed studying.

An attacker can set off the flaw “by injecting crafted directory-traversal sequences (reminiscent of ../) and will entry recordsdata and directories exterior the supposed restricted path”, SonicWall explains.

SonicWall addressed the safety defect in Electronic mail Safety 5000, 5050, 7000, 7050, 9000, VMWare, and Hyper-V home equipment with model 10.0.34.8215.

The corporate says it’s not conscious of any of those vulnerabilities being exploited within the wild. Extra info could be discovered on SonicWall’s safety advisories web page.

Associated: SolarWinds Patches Three Vital Serv-U Vulnerabilities

Associated: Chrome 142 Replace Patches Exploited Zero-Day

Associated: State-Sponsored Hackers Stole SonicWall Cloud Backups in Current Assault

Associated: SonicWall SSL VPN Accounts in Attacker Crosshairs

Security Week News Tags:, , , , , , ,

Related Posts

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks Security Week News
HPE Patches Critical Vulnerability in StoreOnce HPE Patches Critical Vulnerability in StoreOnce Security Week News
RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement Security Week News
Thirteen Romanians Arrested for Phishing the UK’s Tax Service Thirteen Romanians Arrested for Phishing the UK’s Tax Service Security Week News
Possible Zero-Day Patched in SonicWall SMA Appliances Possible Zero-Day Patched in SonicWall SMA Appliances Security Week News
Cyber Insights 2026: External Attack Surface Management Cyber Insights 2026: External Attack Surface Management Security Week News