CVE-2025-40600Use of Externally-Controlled Format String in Sonicos

CWE-134Use of Externally-Controlled Format String3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 69.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sonicwall Sonicos
Timeline
PublishedJul 29
Latest updateJul 30

Description

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDsonicwall/sonicos7.1.1-70407.3.0-7012
CVEListV5sonicwall/sonicos7.2.0-7015 and older versions

🔴Vulnerability Details

2
GHSA
GHSA-h43f-rh6w-3w65: Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service di2025-07-30
CVEList
CVE-2025-40600: Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service di2025-07-29
CVE-2025-40600 — Sonicwall Sonicos vulnerability | cvebase