SonicWall Alert: Critical SSL VPN Flaw (CVE-2025-40600) Allows Remote DoS Attack on Firewalls

SonicWall, a prominent provider of cybersecurity solutions, has disclosed a critical vulnerability—CVE-2025-40600—affecting the SSL VPN interface of its SonicOS firewall operating system. With a CVSS score of 7.5, this flaw presents a serious risk of remote service disruption if exploited.

CVE-2025-40600 is classified as a Use of Externally-Controlled Format String vulnerability, which occurs when user-controllable input is unsafely incorporated into format strings. This flaw allows a remote unauthenticated attacker to trigger a denial of service (DoS) attack via the SSL VPN interface, potentially taking security infrastructure offline at critical moments.

“Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption,” the advisory explains.

This type of vulnerability can be particularly dangerous in perimeter devices like firewalls, which are often the first line of defense in organizational networks.

The vulnerability specifically affects Gen7 SonicWall firewall devices, both hardware and virtual. Impacted product lines include:

• Hardware: TZ series (TZ270, TZ370, TZ470, TZ570, TZ670), NSa series (NSa 2700–6700), and NSsp series (NSsp 10700–15700).
• Virtual Firewalls (NSv): NSv270, NSv470, and NSv870 across virtualization platforms like ESX, KVM, HYPER-V, and cloud platforms such as AWS and Azure.

All affected devices are running SonicOS 7.2.0-7015 and older versions.

SonicWall has released patches addressing the vulnerability in versions 7.3.0-7012 and above. Users and administrators are strongly advised to apply the updates as soon as possible to mitigate potential exploitation.

Related Posts:

• SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS
• SonicWall Firewalls Under Attack: CVE-2024-53704 Exploited in the Wild, PoC Released
• High-Severity SonicWall SSLVPN Vulnerability Allows Firewall Crashing
• Akira Ransomware Exploits SonicWall SSLVPN Flaw (CVE-2024-40766)
• SonicWall Confirms Critical CVE-2024-40766 Vulnerability Actively Exploited in the Wild

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.