CVE-2025-40601
Published 2025-11-20
Priority P278 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 1.08% (60.9th percentile)
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sonicos | < 8.0.3-8011 | 8.0.3-8011 |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | >= 7.1.1-7040 < 7.3.1-7013 | 7.3.1-7013 |
Detection & IOCs (extracted from sources)
- CVE-2025-40601 targets the SonicOS SSLVPN service via a stack-based buffer overflow; monitor for unexpected crashes or reboots of SonicWall Gen7/Gen8 firewall appliances, which may indicate exploitation attempts causing DoS.
- Affected platforms are Gen7 hardware/virtual firewalls (fixed in 7.3.1-7013 and higher) and Gen8 firewalls (fixed in 8.0.3-8011 and higher); use version detection to identify unpatched devices exposed on SSLVPN ports.
- The attack is remotely exploitable by unauthenticated attackers; alert on anomalous or malformed traffic directed at the SonicOS SSLVPN service interface from untrusted/external sources.
- Gen6 firewalls and SMA 1000/SMA 100 series SSL VPN products are NOT affected by CVE-2025-40601; scope detection and patching efforts only to Gen7 and Gen8 devices.
- As of advisory publication, no active exploitation in the wild and no public PoC have been confirmed; however, SonicWall strongly urges patching or mitigating immediately.
- If patching cannot be done immediately, the recommended interim mitigations are to disable the SonicOS SSLVPN service entirely or restrict access to the appliance to trusted source IPs only.
CVSS provenance
- nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- vulncheck · 7.5 HIGH
GHSA
GHSA-4h6c-rhpp-q86h
ghsa_unreviewed · 2025-11-20
CVE-2025-40601 [HIGH] CWE-121
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
VulnCheck
SonicWall sonicos Stack-based Buffer Overflow
vulncheck · 2025 · CVSS 7.5
CVE-2025-40601 [HIGH]
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
Affected: SonicWall sonicos
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://6288364.fs1.hubspotusercontent-na1.net/hubfs/6288364/Threat%20Intel%20Reports/Arete_Annual_Report%20_2025.pdf
No detection rules found.
No public exploits indexed.
Published: 2025-11-20
Exploited in the wild