Article Details

New SonicWall SonicOS flaw allows hackers to crash firewalls. American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. Tracked as CVE-2025-40601, this denial-of-service vulnerability is caused by a stack-based buffer overflow impacting Gen8 and Gen7 (hardware and virtual) firewalls. "A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash," SonicWall said. "SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this vulnerability has not been reported to SonicWall." However, the company added that its Gen6 firewalls, as well as the SMA 1000 and SMA 100 series SSL VPN products, are not vulnerable to attacks potentially targeting this vulnerability. While SonicWall has yet to find any evidence that attackers are exploiting CVE-2025-40601 in the wild, the company "strongly" urged network defenders to apply the guidance shared in today's security advisory. Admins who can't immediately deploy today's security updates are advised to disable the SonicOS SSLVPN service or to modify rules to limit access to the SonicWall firewall appliance to trusted sources. Today, the cybersecurity firm also patched two vulnerabilities impacting its Email Security appliances (ES Appliance 5000, 5050, 7000, 7050, 9000, VMWare, and Hyper-V), enabling remote attackers to gain persistent arbitrary code execution (CVE-2025-40604) and access restricted information (CVE-2025-40605). "SonicWall strongly advises users of the Email Security products (ES Appliance 5000, 5050, 7000, 7050, 9000, VMWare and Hyper-V) to upgrade," it noted in a separate advisory. Earlier this month, SonicWall confirmed that a state-sponsored hacking group was behind a September security breach that exposed customers' firewall configuration backup files, roughly one month after researchers warned that threat actors had compromised over 100 SonicWall SSLVPN accounts using stolen credentials. In September, it also released a firmware update to help IT admins remove OVERSTEP rootkit malware deployed in attacks targeting SMA 100 series devices. The 2026 CISO Budget Benchmark It's budget season! Over 300 CISOs and security leaders have shared how they're planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026. Learn how top leaders are turning investment into measurable impact.