Which SonicWall firmware versions are vulnerable to CVE-2025-40600?

Systems running SonicOS versions 7.2.0-7015 and older are vulnerable to this attack. However, the 7.0.1 branch is not affected by this vulnerability, indicating that the flaw was introduced in later firmware versions.

Are all SonicWall products affected by this vulnerability?

No, SonicWall's Gen6 and Gen8 firewalls, as well as SMA 1000 and SMA 100 series SSL VPN products, are not impacted by CVE-2025-40600. The vulnerability is specifically limited to Gen7 products only, which helps narrow the scope of affected systems.

How can attackers exploit CVE-2025-40600?

The vulnerability allows remote unauthenticated attackers to cause memory corruption and subsequent service crashes through denial-of-service attacks. While the attack complexity is considered high, it can be executed remotely without requiring authentication, making it accessible to external attackers who can reach the SSL VPN interface.

What is the CVSS score for CVE-2025-40600?

The CVSS score for CVE-2025-40600 varies from 5.9 to 9.8, depending on the specific deployment configuration and environmental factors. This wide range indicates that the severity can range from medium to critical depending on how the affected SonicWall systems are deployed and configured.

What should organizations do if they cannot immediately patch CVE-2025-40600?

For organizations unable to immediately implement the software update, SonicWall recommends disabling the SSL-VPN interface as a temporary workaround. This will prevent exploitation of the vulnerability but will also disable SSL VPN functionality until the patch can be applied.

What is the attack complexity for CVE-2025-40600?

The attack complexity for CVE-2025-40600 is considered high, meaning it requires some level of skill and specific conditions to exploit successfully. However, the vulnerability can still be exploited remotely without authentication, making it a significant security concern despite the higher complexity.

What are the potential impacts of CVE-2025-40600 exploitation?

Successful exploitation of CVE-2025-40600 can cause memory corruption and subsequent service crashes, leading to denial-of-service conditions. This could disrupt SSL VPN services and potentially affect business continuity for organizations relying on these systems for remote access.

How urgent is it to patch CVE-2025-40600?

Given that CVE-2025-40600 affects the SSL VPN interface and can be exploited remotely without authentication, organizations should treat this as a high-priority security update. The wide CVSS score range (5.9-9.8) indicates potentially critical impact in some configurations, making prompt patching to version 7.3.0-7012 or higher essential for maintaining security.

Advisory

Vulnerability in SonicWall Gen7 firewalls enables remote Denial-of-Service attacks

Q: What is the SonicWall Gen7 SSL VPN vulnerability CVE-2025-40600?

SonicWall is reporting a vulnerability (CVE-2025-40600, CVSS score varies from 5.9 to 9.8) affecting the SSL VPN interface of its Gen7 firewall products. It's a Use of Externally-Controlled Format String vulnerability that could allow remote unauthenticated attackers to cause service disruptions through denial-of-service attacks, memory corruption, and service crashes.

Q: What type of vulnerability is CVE-2025-40600?

CVE-2025-40600 is a Use of Externally-Controlled Format String vulnerability, which occurs when user-controllable input is unsafely incorporated into format strings in printf-style functions. This type of vulnerability can lead to memory corruption and allows attackers to manipulate program execution through malicious input.

Q: Which SonicWall products are affected by CVE-2025-40600?

The vulnerability affects SonicWall Gen7 products including TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, and NSsp 15700 models. Gen7 virtual firewalls (NSV270, NSv470, NSv870) deployed across ESX, KVM, HYPER-V, AWS, and Azure platforms are also affected.

Q: Is there a patch available for CVE-2025-40600?

Yes, SonicWall has released patched software version 7.3.0-7012 and higher versions to address this security issue. Organizations should prioritize upgrading to the patched version to maintain both security and SSL VPN functionality.

published: July 30, 2025

Take action: If you have SonicWall Gen7 firewalls, check the advisory and your OS versions. If they are vulnerable, plan an update to SonicOS version 7.3.0-7012 or higher. The main risk is attackers crashing your system and making your VPN useless. If you can't update right away, disable the SSL-VPN interface, since it won't be of much use if attackers are crashing it.

Learn More

SonicWall is reporting a vulnerability affecting the SSL VPN interface of its Gen7 firewall products that could allow remote unauthenticated attackers to cause service disruptions through denial-of-service attacks.

The vulnerability is tracked as CVE-2025-40600 (CVSS score varies from 5.9 to 9.8) and is a Use of Externally-Controlled Format String vulnerability, which occurs when user-controllable input is unsafely incorporated into format strings in printf-style functions.

The vulnerability allows remote unauthenticated attackers to cause memory corruption and subsequent service crashes. The attack complexity is considered high, but it can be executed remotely and without authentication.

The vulnerability affects SonicWall Gen7 products running vulnerable firmware versions TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, and NSsp 15700 models. Additionally, Gen7 virtual firewalls (NSv) are also affected, including NSV270, NSv470, and NSv870 variants deployed across ESX, KVM, HYPER-V, AWS, and Azure platforms.

Systems running SonicOS versions 7.2.0-7015 and older are vulnerable to this attack, but the 7.0.1 branch is not affected.

SonicWall's Gen6 and Gen8 firewalls, as well as SMA 1000 and SMA 100 series SSL VPN products, are not impacted by this specific vulnerability, limiting the scope to Gen7 products only.

SonicWall has released patched software version 7.3.0-7012 and higher versions to address this security issue. Organizations should prioritize upgrading to the patched version to maintain both security and SSL VPN functionality. For organizations unable to immediately implement the software update, SonicWall recommends disabling the SSL-VPN interface as a temporary workaround.

Vulnerability in SonicWall Gen7 firewalls enables remote Denial-of-Service attacks

Read More
pfSense opensource firewall servers exposed to attacks via …
D-Link router DIR-859 vulnerability actively exploited by hackers
Critical remote code execution flaw patched in Western …
Critical authentication bypass vulnerability in AMI MegaRAC BMC …
Multiple security flaws reported in SHARP routers