A vital vulnerability in SonicWall Gen7 firewall merchandise may permit distant unauthenticated attackers to trigger service disruptions by way of denial-of-service (DoS) assaults.
The format string vulnerability tracked as CVE-2025-40600 impacts the SSL VPN interface of a number of SonicWall firewall fashions and has been assigned a CVSS v3 rating of 5.9, indicating medium severity with excessive availability impression.
Key Takeaways1. CVE-2025-40600 permits unauthenticated distant DoS assaults on SonicWall Gen7 firewall SSL VPN interfaces.2. All Gen7 {hardware}/digital firewalls operating SonicOS 7.2.0-7015 and older variations.3. Improve or disable SSL-VPN as a brief workaround.
Overview of SSL VPN DoS Vulnerability
The safety flaw, formally designated as SNWLID-2025-0013, stems from a Use of Externally-Managed Format String vulnerability labeled below CWE-134.
This kind of vulnerability happens when an utility makes use of externally managed format strings in printf-style features, probably permitting attackers to control reminiscence addresses and trigger utility crashes or service disruptions.
The vulnerability particularly targets the SonicOS SSL VPN interface, making it accessible to distant attackers with out requiring authentication.
The CVSS vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H signifies that whereas the assault complexity is excessive, it may be executed over the community with out person interplay, primarily impacting system availability slightly than confidentiality or integrity.
Safety researchers have recognized a vulnerability that permits attackers to take advantage of format string weaknesses within the SSL VPN element, probably resulting in reminiscence corruption and subsequent service crashes.
The assault vector requires no particular privileges and could be executed remotely, making it significantly regarding for organizations counting on SonicWall firewalls for community safety.
Danger FactorsDetailsAffected ProductsGen7 {Hardware} Firewalls: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700Gen7 Digital Firewalls: NSV270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure)Weak Variations: SonicOS 7.2.0-7015 and olderImpactDenial of Service (DoS) Exploit PrerequisitesRemote community entry to SSL VPN interfaceCVSS 3.1 Score5.9 (Medium)
Affected Programs and Mitigation Methods
The vulnerability impacts a complete vary of Gen7 {hardware} firewalls, together with the TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, and NSsp 15700 fashions.
Moreover, Gen7 digital firewalls (NSv), together with NSV270, NSv470, and NSv870 variants throughout ESX, KVM, HYPER-V, AWS, and Azure platforms, are additionally affected.
Programs operating SonicOS variations 7.2.0-7015 and older are susceptible, whereas the 7.0.1 department stays unaffected.
Importantly, SonicWall’s Gen6 and Gen8 firewalls, in addition to SMA 1000 and SMA 100 sequence SSL VPN merchandise, usually are not impacted by this vulnerability.
SonicWall has launched mounted software program model 7.3.0-7012 and better to deal with this safety situation.
For organizations unable to instantly replace, SonicWall recommends disabling the SSL-VPN interface as a brief workaround, noting that this vulnerability doesn’t impression firewalls with out SSL-VPN enabled.
Organizations ought to prioritize upgrading to the patched model to take care of each safety and SSL VPN performance.
Combine ANY.RUN TI Lookup along with your SIEM or SOAR To Analyses Superior Threats -> Strive 50 Free Trial Searches
