Ddos 
SonicWall has disclosed a vulnerability affecting its SonicOS SSLVPN Virtual Office interface, which, if exploited, could allow remote attackers to crash firewall appliances. Tracked as CVE-2025-32818, this vulnerability carries a CVSS score of 7.5, making it a high-severity issue for enterprises relying on SonicWall Gen7 devices for secure network access.
According to the official advisory, the issue is described as: “A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual Office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.”
This flaw enables attackers to disrupt operations by sending specially crafted requests to the SSLVPN interface, effectively taking the firewall offline without requiring authentication.
The vulnerability affects a wide range of SonicWall’s Gen7 virtual and physical firewalls, including:
- Gen7 NSv: NSv 270, NSv 470, NSv 870
- Gen7 Firewalls: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670
- NSa Series: NSa 2700, 3700, 4700, 5700, 6700
- NSsp Series: 10700, 11700, 13700, 15700
- TZ80 (firmware 8.0.0-8037 and earlier)
Affected versions range from 7.1.1-7040 to 7.1.3-7015 (for 7.1.x releases) and 8.0.0-8037 and earlier for the TZ80.
SonicWall has promptly addressed this issue in newer firmware versions. Users are urged to update to:
- Version 7.2.0-7015 and higher for Gen7 Firewalls and NSv
- Version 8.0.1-8017 and higher for TZ80 devices
Enterprises are encouraged to deploy these updates immediately to mitigate the risk of a DoS attack.
Related Posts:
- SonicWall Firewalls Under Attack: CVE-2024-53704 Exploited in the Wild, PoC Released
- Akira Ransomware Exploits SonicWall SSLVPN Flaw (CVE-2024-40766)
- SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS
- Unauthenticated Denial of Service vulnerability in SONICOS
- CVE-2024-53704 – Authentication Bypass in SonicOS: PoC Published
Donate