
SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance

The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories.

The post SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance appeared first on SecurityWeek.


SonicWall this week rolled out fixes for high-severity vulnerabilities that can allow attackers to crash firewalls or execute arbitrary code on Email Security appliances.

Over 30 SonicWall Gen7 and Gen8 firewalls are affected by a stack-based buffer overflow bug in the SonicOS SSL VPN service that could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition leading to device crashes.

Tracked as CVE-2025-40601 (CVSS score of 7.2), the issue affects only firewalls that have the SonicOS SSLVPN interface or service enabled.

The weakness was resolved with the release of SonicOS versions 7.3.1-7013 and 8.0.2-8011. SonicWall Gen6 firewalls and the SMA 1000 and SMA 100 series appliances are not affected.

Until they can apply the newly released fixes, customers are advised to limit SonicOS SSL VPN access to trusted source IP addresses, and disable access from untrusted sources.

SonicWall’s Email Security appliances received fixes for two security defects, including a high-severity flaw that allows attackers to modify system files and gain arbitrary code execution.

The first vulnerability, tracked as CVE-2025-40604 (CVSS score of 7.2), exists because the appliances do not verify the signature of loaded root filesystem images.

The second bug, CVE-2025-40605 (CVSS score of 4.9), is described as a path traversal issue that can be exploited to manipulate file system paths.

An attacker can trigger the flaw “by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path”, SonicWall explains.
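As an added illustration of the defensive check such a flaw calls for (example code, not SonicWall's own implementation), the function below confines a user-supplied path to one directory and rejects requests that would escape it, including the `../` sequences described above, their URL-encoded form, and absolute paths. The directory and file names are constructed for the example.

```python
import os
from typing import Optional
from urllib.parse import unquote


def resolve_confined(base_dir: str, user_path: str) -> Optional[str]:
    """Return the absolute path of user_path inside base_dir, or None if the
    request would land outside base_dir.

    Defensive check written for this example; it is not vendor code.
    """
    # Decode percent-encoding first so "%2e%2e/" is judged as "../".
    decoded = unquote(user_path)
    # An absolute path is never a valid request for a restricted directory.
    if os.path.isabs(decoded):
        return None
    # realpath collapses "..", "." and symlinks on both sides before comparing.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # Accept only base itself or something strictly beneath it; a plain
    # startswith(base) would wrongly accept "/data/inbox2" for base "/data/inbox".
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


def is_traversal(base_dir: str, user_path: str) -> bool:
    """True when the request tries to leave base_dir."""
    return resolve_confined(base_dir, user_path) is None


if __name__ == "__main__":
    # Constructed sample requests against a hypothetical restricted directory.
    for req in ("inbox/mail.eml", "../etc/passwd", "%2e%2e/%2e%2e/etc/shadow", "/etc/passwd"):
        print(f"{req!r:32} traversal={is_traversal('/var/quarantine', req)}")
```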

SonicWall addressed the security defects in Email Security 5000, 5050, 7000, 7050, 9000, VMware, and Hyper-V appliances with version 10.0.34.8215.

The company says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on SonicWall’s security advisories page.

Related: SolarWinds Patches Three Critical Serv-U Vulnerabilities

Related: Chrome 142 Update Patches Exploited Zero-Day

Related: State-Sponsored Hackers Stole SonicWall Cloud Backups in Recent Attack

Related: SonicWall SSL VPN Accounts in Attacker Crosshairs
