SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance

The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories.


SonicWall this week rolled out fixes for high-severity vulnerabilities that can allow attackers to crash firewalls or execute arbitrary code on Email Security appliances.

Over 30 SonicWall Gen7 and Gen8 firewalls are affected by a stack-based buffer overflow bug in the SonicOS SSL VPN service that could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition leading to device crashes.

Tracked as CVE-2025-40601 (CVSS score of 7.2), the issue affects only firewalls that have the SonicOS SSLVPN interface or service enabled.

The weakness was resolved with the release of SonicOS versions 7.3.1-7013 and 8.0.2-8011. SonicWall Gen6 firewalls and the SMA 1000 and SMA 100 series appliances are not affected.

Until they can apply the newly released fixes, customers are advised to limit SonicOS SSL VPN access to trusted source IP addresses, and disable access from untrusted sources.

SonicWall’s Email Security appliances received fixes for two security defects, including a high-severity flaw that allows attackers to modify system files and gain arbitrary code execution.


The first vulnerability, tracked as CVE-2025-40604 (CVSS score of 7.2), exists because the appliances do not verify the signature of loaded root filesystem images.
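The following is an added illustration of the check the advisory says was missing, not SonicWall's code and not a description of how its loader works. It assumes a vendor Ed25519 key pinned in the loader and a detached signature over the SHA-256 digest of the image; the image bytes and key pair are constructed in place. The contrast is between a loader that gates on signature verification and one that accepts whatever image is presented, which is what lets an attacker who can write a rootfs image turn file modification into code execution at boot.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrBadSignature is returned when a root filesystem image does not carry a valid
// signature under the pinned vendor key.
var ErrBadSignature = errors.New("rootfs image rejected: signature verification failed")

// SignImage produces a detached Ed25519 signature over the SHA-256 digest of the image.
// Hashing first keeps the signed message small; the digest still binds every byte.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	return ed25519.Sign(priv, digest[:])
}

// LoadImage is the gate a loader should enforce: the image is handed on only if its
// detached signature verifies under the vendor public key pinned in the loader.
// Length checks come first because ed25519.Verify panics on a malformed public key.
func LoadImage(vendorPub ed25519.PublicKey, image, sig []byte) ([]byte, error) {
	if len(vendorPub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return nil, ErrBadSignature
	}
	digest := sha256.Sum256(image)
	if !ed25519.Verify(vendorPub, digest[:], sig) {
		return nil, ErrBadSignature
	}
	return image, nil
}

// LoadImageUnverified mirrors the weakness: whatever is presented is loaded, so an
// attacker who can place an image on the appliance controls what it boots.
func LoadImageUnverified(image []byte) []byte {
	return image
}

func main() {
	// Constructed vendor key pair; in a real loader only the public key ships, pinned.
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed rootfs image: /sbin/init ...")
	sig := SignImage(vendorPriv, image)

	if _, err := LoadImage(vendorPub, image, sig); err == nil {
		fmt.Println("genuine image: accepted")
	}

	// Tamper one byte after signing: the digest changes and verification fails.
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0xff
	if _, err := LoadImage(vendorPub, tampered, sig); err != nil {
		fmt.Println("tampered image:", err)
	}

	// A key the attacker controls cannot produce a signature valid under the pinned key.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	if _, err := LoadImage(vendorPub, tampered, SignImage(attackerPriv, tampered)); err != nil {
		fmt.Println("attacker-signed image:", err)
	}

	fmt.Printf("without verification: %q loaded\n", LoadImageUnverified(tampered))
}
```

The check is only as strong as the key pinning: if the public key is read from the same writable filesystem the attacker can modify, they replace both key and image. In practice the verifying key belongs in ROM or a hardware root of trust, and the signature should cover a versioned manifest as well as the image bytes so that a validly signed but older, vulnerable image cannot be rolled back onto the device.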

The second bug, CVE-2025-40605 (CVSS score of 4.9), is described as a path traversal issue that can be exploited to manipulate file system paths.

An attacker can trigger the flaw “by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path”, SonicWall explains.
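As an added example of the traversal pattern the advisory describes and of a containment check that defeats it (illustrative code, not SonicWall's, with the root directory and request paths constructed for the demonstration): the safe version resolves the joined path and then asks whether it is still relative to the root, instead of pattern-matching `../` in the raw input, and it is contrasted with a string-prefix test that accepts a sibling directory whose name merely begins with the root's.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a user-supplied path would resolve outside the allowed root.
var ErrTraversal = errors.New("path rejected: escapes the restricted directory")

// SafeJoin resolves userPath against root and refuses any result that lands outside root.
// filepath.Join cleans the result, so "../" components are collapsed before the check;
// the containment test is then made on the cleaned path via filepath.Rel.
func SafeJoin(root, userPath string) (string, error) {
	if filepath.IsAbs(userPath) {
		return "", ErrTraversal // an absolute path is never a valid reference under root
	}
	cleanRoot := filepath.Clean(root)
	joined := filepath.Join(cleanRoot, userPath)
	rel, err := filepath.Rel(cleanRoot, joined)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return joined, nil
}

// NaiveJoin shows the weak pattern: a string-prefix test on the joined path. With root
// "/srv/app/files" it accepts "../files2/secret", since "/srv/app/files2/secret" starts
// with "/srv/app/files".
func NaiveJoin(root, userPath string) (string, error) {
	joined := filepath.Join(root, userPath)
	if !strings.HasPrefix(joined, root) {
		return "", ErrTraversal
	}
	return joined, nil
}

// UncheckedJoin mirrors the vulnerable behaviour: no containment check at all, so
// "../../../etc/passwd" resolves straight to "/etc/passwd".
func UncheckedJoin(root, userPath string) string {
	return filepath.Join(root, userPath)
}

func main() {
	const root = "/srv/app/files" // constructed restricted directory
	requests := []string{
		"reports/q1.txt",              // legitimate
		"../../../etc/passwd",         // classic traversal
		"reports/../../../etc/passwd", // traversal hidden behind a valid component
		"../files2/secret",            // sibling directory that fools a prefix check
		"/etc/passwd",                 // absolute path
	}
	for _, p := range requests {
		safe, serr := SafeJoin(root, p)
		naive, nerr := NaiveJoin(root, p)
		fmt.Printf("%-30q safe=%q (%v) | naive=%q (%v) | unchecked=%q\n",
			p, safe, serr, naive, nerr, UncheckedJoin(root, p))
	}
}
```

Two caveats a practitioner should keep in mind: the check operates on the decoded path, so any URL-decoding (`%2e%2e%2f`) must happen exactly once and before this call, and `filepath.Rel` does not follow symlinks, so if the restricted directory can contain attacker-created links the resolved target should additionally be checked with `filepath.EvalSymlinks`.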

SonicWall addressed the security defects in Email Security 5000, 5050, 7000, 7050, 9000, VMware, and Hyper-V appliances with version 10.0.34.8215.

The company says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on SonicWall’s security advisories page.

Related: SolarWinds Patches Three Critical Serv-U Vulnerabilities

Related: Chrome 142 Update Patches Exploited Zero-Day

Related: State-Sponsored Hackers Stole SonicWall Cloud Backups in Recent Attack

Related: SonicWall SSL VPN Accounts in Attacker Crosshairs

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
