- 259/2025
- High
SonicWall has released security updates to fix several vulnerabilities affecting multiple SonicWall products.
The addressed vulnerabilities could allow the remote unauthenticated attacker to cause denial of service attacks, view partial users’ credential data, modify system files, gain persistent arbitrary code execution, manipulate file system paths, and cause service disruption on the affected product.
Sample of the addressed vulnerabilities:
1. SonicOS SSLVPN Pre-Auth Stack-Based Buffer Overflow Vulnerability (CVE- 2025-40601):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. SonicWall Email Security Code Execution Vulnerability (CVE-2025-40604):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: File Manipulation
The affected products:
- SMA 100 Series (SMA 210, 410, 500v) 10.2.2.2-92sv and earlier versions.
- Gen7 hardware Firewalls, Gen7 virtual Firewalls (NSv) 7.3.0-7012 and older versions (7.0.1 branch is not affected).
- Gen8 Firewalls 8.0.2-8011 and older versions.
- Email Security (ES Appliance 5000, 5050, 7000, 7050, 9000, VMWare, and Hyper-V) 10.0.33.8195 and earlier versions.
Vulnerabilities
- CVE-2025-40600
- CVE-2025-40601
- CVE-2025-40603
- CVE-2025-40604
- CVE-2025-40605
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.