SonicWall SSL VPN Vulnerability Allows Attackers to Launch DoS Attacks on Firewalls

SonicWall has disclosed a significant security vulnerability affecting its Gen7 firewall products that could allow remote attackers to disrupt network services without authentication.

The vulnerability, tracked as CVE-2025-40600 and assigned advisory ID SNWLID-2025-0013, was first published on July 29, 2025, with updates released the following day.

Despite being classified with a medium CVSS score of 5.9, the vulnerability poses serious concerns for organizations relying on SonicWall’s SSL VPN functionality for remote access solutions.

The security vulnerability stems from a use of externally-controlled format string vulnerability within SonicOS’s SSL VPN interface, categorized under CWE-134.

This type of vulnerability occurs when user-supplied data is improperly handled in format string functions, potentially allowing attackers to manipulate program execution or cause system instability.

The vulnerability enables remote unauthenticated attackers to trigger denial-of-service conditions, effectively disrupting the availability of affected firewall systems.

The CVSS vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H indicates that while the attack can be conducted remotely over the network without requiring privileges or user interaction, it has high attack complexity.

The primary impact is on system availability, with no direct effect on confidentiality or integrity.

However, the ability to disrupt firewall services remotely presents significant operational risks, particularly for organizations that depend on continuous network security monitoring and SSL VPN connectivity for remote workers.

SonicWall SSL VPN Vulnerability

The vulnerability specifically impacts SonicWall Gen7 firewall products across multiple deployment models. The affected systems include:

Hardware Firewalls:

• TZ series: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670.
• NSa series: NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700.
• NSsp series: NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700.

Virtual Firewalls (NSv):

• NSv270, NSv470, NSv870 models.
• Supported across ESX, KVM, Hyper-V hypervisors.
• Cloud deployments on AWS and Azure platforms.

Vulnerable Software Versions:

• SonicOS version 7.2.0-7015 and older versions.
• Notable exception: 7.0.1 branch remains unaffected.

Unaffected Systems:

• Gen6 and Gen8 firewall products.
• SMA 1000 and SMA 100 series SSL VPN appliances.

Mitigations

SonicWall strongly recommends immediate upgrading to the fixed software version 7.3.0-7012 or higher to completely address this vulnerability.

For organizations unable to immediately deploy the patched version, SonicWall provides a workaround solution: disabling the SSL-VPN interface entirely.

This mitigation effectively eliminates the attack vector since the vulnerability specifically targets the firewall’s SSL-VPN component, leaving systems without SSL-VPN enabled completely unaffected.

Organizations should prioritize this update, particularly those heavily reliant on SSL VPN functionality for remote access.

The availability of both a permanent fix and temporary workaround provides flexibility for different deployment scenarios and maintenance windows, ensuring that network security can be maintained while planning appropriate remediation strategies.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.