- 90/2025
- High
SonicWall has released a security update to address a vulnerability across SonicOS SSLVPN Virtual Office interface.
The addressed vulnerability could allow the unauthenticated remote attacker to cause a denial of service attack and crash the affected firewall system.
SonicOS SSLVPN NULL Pointer Dereference Denial-of-Service Vulnerability (CVE-2025-32818):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- Gen7 NSv – NSv 270, NSv 470, NSv 870.
- Gen7 Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W.
- TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700.
- TZ80.
Vulnerabilities
CVE-2025-32818
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.