cbcvebase.
CVE-2025-40601
published 2025-11-20

CVE-2025-40601: A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which…

PriorityP278high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
1.08%
60.9th percentile
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

Affected

4 ranges
VendorProductVersion rangeFixed in
sonicwallsonicos< 8.0.3-80118.0.3-8011
sonicwallsonicos
sonicwallsonicos
sonicwallsonicos>= 7.1.1-7040 < 7.3.1-70137.3.1-7013

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2025-40601 targets the SonicOS SSLVPN service via a stack-based buffer overflow; monitor for unexpected crashes or reboots of SonicWall Gen7/Gen8 firewall appliances, which may indicate exploitation attempts causing DoS.
  • Affected platforms are Gen7 hardware/virtual firewalls (fixed in 7.3.1-7013 and higher) and Gen8 firewalls (fixed in 8.0.3-8011 and higher); use version detection to identify unpatched devices exposed on SSLVPN ports.
  • The attack is remotely exploitable by unauthenticated attackers; alert on anomalous or malformed traffic directed at the SonicOS SSLVPN service interface from untrusted/external sources.
  • ·Gen6 firewalls and SMA 1000/SMA 100 series SSL VPN products are NOT affected by CVE-2025-40601; scope detection and patching efforts only to Gen7 and Gen8 devices.
  • ·As of advisory publication, no active exploitation in the wild and no public PoC have been confirmed; however, SonicWall strongly urges patching or mitigating immediately.
  • ·If patching cannot be done immediately, the recommended interim mitigations are to disable the SonicOS SSLVPN service entirely or restrict access to the appliance to trusted source IPs only.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.