Threat alert – SonicWall SonicOS SSL VPN

– Date: 31st of July –


On the 31st of July 2025, SonicWall published a critical security advisory about a severe vulnerability (CVE-2025-40600, CVSS 9.8) affecting SonicOS SSL VPN interfaces.
The flaw allows remote, unauthenticated attackers to trigger denial of service. Here’s how to stay protected and how Nynox supports affected customers.

What’s going on?

⚠️ The vulnerability is classified as a Use of Externally-Controlled Format String, which allows remote, unauthenticated attackers to disrupt services by targeting the SSL VPN interface of affected SonicOS devices.

⚠️ It is remotely exploitable without authentication, making it highly attractive to opportunistic and targeted threat actors.

⚠️ Affected devices and mitigation guidance:

| Models | Impacted Version | Fixed Version |
|---|---|---|
| Gen7 hardware firewalls (e.g. TZ270, NSa 4700, NSsp 15700) | 7.2.0-7015 and older | 7.3.0-7012 and newer |
| Gen7 virtual firewalls (NSv) (e.g. NSv270, NSv870 on ESX, KVM, HYPER-V, AWS, Azure) | 7.2.0-7015 and older | 7.3.0-7012 and newer |

Patch immediately using the latest firmware provided by SonicWall.
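
To triage a firewall inventory against the version thresholds in the table above, the following added example (not SonicWall or Nynox code) classifies SonicOS firmware strings. The hostnames and sample versions are constructed, and the `major.minor.patch-build` string format is an assumption based on the versions shown on this page.

```python
import re

# Thresholds copied from the advisory table on this page (Gen7 only).
LAST_IMPACTED = (7, 2, 0, 7015)  # "7.2.0-7015 and older"
FIRST_FIXED = (7, 3, 0, 7012)    # "7.3.0-7012 and newer"

# The lookbehind stops the match from starting in the middle of a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)-(\d+)")

def parse_sonicos(version):
    """Return (major, minor, patch, build), or None if no version is found."""
    m = _VERSION_RE.search(version)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(version):
    """Classify one firmware string against the advisory thresholds."""
    parsed = parse_sonicos(version)
    if parsed is None:
        return "unparseable"      # needs a manual check
    if parsed[0] != 7:
        return "not-gen7"         # outside the scope of the table on this page
    if parsed <= LAST_IMPACTED:
        return "impacted"
    if parsed >= FIRST_FIXED:
        return "fixed"
    return "check-advisory"       # between the thresholds: the table is silent

def triage(inventory):
    """Map each hostname to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}

def patch_queue(inventory):
    """Hostnames that the table marks as impacted, sorted for reporting."""
    return sorted(h for h, s in triage(inventory).items() if s == "impacted")

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "fw-branch-01": "SonicOS 7.1.1-7058",
    "fw-hq-01": "7.2.0-7015",
    "fw-dc-01": "7.3.0-7012",
    "nsv-cloud-01": "7.2.0-7020",
    "fw-lab-01": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {SAMPLE_INVENTORY[host]:22} {status}")
```

Devices reported as `check-advisory` or `unparseable` should be verified against the SonicWall advisory rather than assumed safe.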

Why is this a problem?

❗ This is a remote unauthenticated vulnerability affecting external VPN interfaces – one of the most exposed and sensitive entry points in modern infrastructure.

❗ Exploitation could lead to service outages and business disruption, and could open the door to follow-up attacks.

❗ With a CVSSv3 score of 9.8, this threat must be treated as critical and urgent.

How does Nynox protect its customers?

🔹 SentinelOne XDR via Nynox helps detect and block post-exploitation behavior
🔹 Custom detection scenarios are active across system and firewall logs
🔹 24×7 Incident Response (CSIRT) is on standby in case of severe exploitation
🔹 Proactive threat hunting based on SonicWall vulnerability IOCs

What can you do to mitigate the attack?

✅ Immediately apply the latest firmware from SonicWall
✅ Ensure that SSL VPN interfaces are not publicly exposed without protection
✅ Monitor firewall and VPN logs for unusual activity
✅ Enable rate limiting and 2FA where possible

But what if you can’t?

🛡️ Restrict SSL VPN access using VPN tunneling, firewall rules, or trusted IPs only
🛡️ Disable unused remote access capabilities until patching is possible

In need of assistance?

We’re here for you! Nynox has a dedicated team of cybersecurity experts who can help you remediate this threat.
