Vulnerability in SonicOS could allow denial of service (DoS)

A vulnerability has been discovered in SonicOS, which could allow a denial of service (DoS). SonicOS is the operating system that runs on SonicWall’s network security appliances, such as firewalls. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS), which could cause an affected firewall to crash. This vulnerability ONLY affects the SonicOS SSLVPN interface or service if enabled on the firewall.

There are currently no reports of this vulnerability being exploited in the wild.

A vulnerability has been discovered in SonicOS, which could allow a denial of service (DoS). The details of the vulnerability are as follows:

Tactical: Impact (TA0040):

Technical: Endpoint denial of service (T1499):

• A stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows an unauthenticated, remote attacker to cause a denial of service (DoS), which could cause an affected firewall to crash. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and no malicious use of this vulnerability has been reported to SonicWall. This vulnerability ONLY affects the SonicOS SSLVPN interface or service if enabled on the firewall. (CVE-2025-40601)

Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS), which could cause an affected firewall to crash.

We recommend taking the following measures:

• Apply appropriate updates provided by SonicWall to vulnerable systems immediately after appropriate testing. (M1051: Update software)
• Backup 7.1: Establish and maintain a vulnerability management process: Establish and maintain a documented vulnerability management process for company assets. Review and update documentation annually or when significant changes within the business occur that could impact this protection.
• Safeguard 7.2: Establish and maintain a remediation process: Establish and maintain a risk-based remediation strategy, documented in a remediation process, with monthly or more frequent reviews.
• Backup 7.4: Perform automated application patch management: Perform application updates on enterprise assets with automated patch management on a monthly or more frequent basis.
• Backup 7.5: Perform automated vulnerability scans of internal company assets: Perform automated vulnerability scans of internal company assets on a quarterly or more frequent basis. Perform authenticated and unauthenticated scans using a SCAP-compliant vulnerability scanning tool.
• Backup 7.7: Fix detected vulnerabilities: Remediate detected vulnerabilities in software through processes and tools on a monthly or more frequent basis, depending on the remediation process.
• Backup 12.1: Ensure network infrastructure is up to date: Make sure the network infrastructure is kept up to date. Example implementations include running the latest stable version of the software and/or using currently supported Network as a Service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
• Backup 18.1: Establish and maintain a penetration testing program: Establish and maintain a penetration testing program appropriate to the size, complexity and maturity of the company. Penetration testing program characteristics include scope, such as network, web application, application programming interface (API), hosted services, and physical premises controls; frequency; limitations, such as acceptable hours and excluded types of attacks; contact details; corrective actions, such as how results will be communicated internally; and retrospective requirements.
• Backup 18.2: Perform periodic external penetration tests: Perform periodic external penetration testing based on program requirements, at least annually. External penetration testing should include reconnaissance of the business and environment to detect actionable information. Penetration testing requires specialist skills and experience and should be carried out by a qualified party. The test can be carried out in a transparent box or an opaque box.
• Backup 18.3: Results of corrective penetration tests: Remediate penetration test results based on company policy for scope and priority of remediation.
• Use network devices to filter inbound or outbound traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic. (M1037: Filter network traffic)
• Backup 4.2: Establish and maintain a secure configuration process for network infrastructure: Establish and maintain a secure configuration process for network devices. Review and update documentation annually or when significant changes within the business occur that could impact this protection.
• Backup 7.6: Perform automated vulnerability scans of externally exposed enterprise assets: Perform automated vulnerability scans of externally exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly or more frequent basis.
• Backup 7.7: Fix detected vulnerabilities: Remediate detected vulnerabilities in software through processes and tools on a monthly or more frequent basis, depending on the remediation process.
• Use features to detect and block conditions that could lead to or indicate the occurrence of a software exploit. (M1050: Exploit Protection)
• Backup 10.5: Enable anti-exploitation features: Enable anti-exploitation features on company assets and software where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.