Summary : A security flaw was discovered in SonicWall’s SonicOS SSLVPN component, affecting both hardware and virtual firewall appliances across Gen7 and Gen8 product lines.

OEM	SonicWall
Severity	High
CVSS Score	7.5
CVEs	CVE-2025-40601
POC Available	No
Actively Exploited	No
Exploited in Wild	No
Advisory Version	1.0

Overview 

The SonicWall vulnerability allows remote attackers, without any authentication, to crash into affected firewalls by sending specially crafted traffic to the SSLVPN service. There are no public exploitation in the wild but it is strongly advised customers to apply the available patches immediately to minimize risk. 

In simple terms, the component fails to validate the size or structure of certain data before copying it to a stack‐allocated buffer. Under malicious input, the overflow can overwrite the stack, leading the firewall device to crash.

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
Stack-based buffer overflow in SonicOS SSLVPN service	CVE-2025-40601	SonicWall SonicOS Firewalls (Gen7 and Gen8 Hardware and Virtual)	High	7.3.1-7013 (Gen7), 8.0.3-8011 (Gen8) and latest one

Technical Summary 

The vulnerability occurs due to a stack-based buffer overflow affecting the SSLVPN service of SonicOS. Devices with the SSLVPN interface enabled are vulnerable.

This flaw permits remote unauthenticated attackers to trigger a denial-of-service condition, leading to a full firewall crash and service outage.

The problem impacts a wide range of SonicWall firewall models including Gen7 (TZ270, NSa 2700 series etc) and Gen8 (TZ280, NSa 2800 series etc). Administrators are urged to upgrade to the latest versions and restrict SSLVPN access to trusted IPs or disable external-facing SSLVPN portals until remediation is complete. 

CVE ID	Component Affected	Vulnerability Details	Impact
CVE-2025-40601	SonicWall SonicOS SSLVPN service	Stack-based buffer overflow allows remote unauthenticated attackers to send crafted requests causing a denial-of-service crash of the firewall. Only devices with SSLVPN enabled are vulnerable.	Remote denial-of-service

Recommendations 

Update SonicWall immediately to the following fixed versions: 

• Gen7 Hardware Firewalls: 7.3.1-7013 and higher versions 

• Gen7 Virtual Firewalls : 7.3.1-7013 and higher versions 

• Gen8 Firewalls: 8.0.3-8011 and higher. 

You can follow some below workaround here 

• Temporarily disable the SSLVPN service if possible or restrict SSLVPN access only to trusted source IP addresses.  

• Avoid exposing the SSLVPN service to untrusted internet sources until patched. 

• Continuously monitor firewall and network logs for unusual SSLVPN activity or connection attempts that might indicate probing or exploitation attempts. 

Conclusion: 
There has no evidence of active exploitation for this vulnerability, but the issue makes unpatched firewalls highly attractive targets for threat actors capable of causing major network outages.

Organizations relying on SonicWall should prioritize applying the latest patches and review their SSLVPN exposure as part of broader incident prevention. For those unable to patch immediately, restricting or disabling external SSLVPN access is strongly recommended until fixes can be deployed. 

References: 

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016