Cyber Security News

SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely

SonicWall has issued an urgent advisory (SNWLID-2025-0009) warning of a high-severity vulnerability in its SSLVPN Virtual Office interface that enables unauthenticated attackers to remotely crash firewalls, causing widespread network disruptions.

Tracked as CVE-2025-32818, this flaw carries a CVSS v3 score of 7.5 and affects dozens of firewall models across its Gen7 and TZ80 product lines.

The Vulnerability Explained

The flaw stems from a Null Pointer Dereference (CWE-476) in SonicOS, which occurs when the software attempts to access memory via a pointer that lacks a valid reference.

Attackers can exploit this by sending specially crafted requests to the SSLVPN interface, triggering a denial-of-service (DoS) condition that crashes the firewall.

SonicWall firewalls that have SSL VPN enabled are vulnerable to remote exploitation without requiring user interaction or authentication,” the company stated in its advisory.

FieldDetails
Vulnerability NameSonicWall SSLVPN Null Pointer Dereference
CVECVE-2025-32818
CVSS v3 Score7.5
ImpactDenial-of-Service (DoS) by crashing the firewall remotely
Affected ProductsGen7 NSv (270, 470, 870), Gen7 Firewalls (TZ270, TZ370, TZ470, TZ570, TZ670, NSa 2700-6700, NSsp 10700-15700), TZ80
Affected VersionsGen7: 7.1.1-7040 to 7.1.3-7015; TZ80: 8.0.0-8037 and earlier
Fixed VersionsGen7: 7.2.0-7015 or higher; TZ80: 8.0.1-8017 or higher

Mitigation and Patches

SonicWall has released fixed firmware versions:

  • Gen7 Appliances: Upgrade to 7.2.0-7015 or higher
  • TZ80 Appliances: Upgrade to 8.0.1-8017 or higher

No workaround exists, and the company urges administrators to apply patches immediately. Organizations unable to update immediately should monitor SonicWall’s threat database for new exploit attempts.

Firewalls with compromised SSLVPN services risk operational paralysis, exposing internal networks to follow-on attacks.

This vulnerability is particularly concerning for enterprises relying on SonicWall’s Virtual Office for secure remote access.

“SonicWall customers must treat this as a critical priority. The lack of authentication requirements lowers the barrier for attackers to launch disruptive attacks,” said cybersecurity analyst Maria Chen of SafeNet Advisors.

  1. Verify Affected Models: Check if your firmware falls within the vulnerable versions.
  2. Apply Updates: Download patches from the SonicWall Support Portal.
  3. Monitor Traffic: Look for unusual SSLVPN connection attempts.

This marks SonicWall’s third major SSLVPN-related vulnerability since 2023, underscoring the importance of proactive patch management. With remote work still prevalent in 2025, securing VPN gateways remains a top defense against network breaches.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered, enabling…

3 hours ago

Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment

Commvault, a global leader in data protection and information management, has confirmed that a sophisticated…

5 hours ago

FBI Uncovers 42,000 Phishing Domains Tied to LabHost PhaaS Operation

The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains associated…

5 hours ago

Tor Browser 14.5.1 Released with Enhanced Security and New Features

The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a host…

6 hours ago

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing Simulator,…

18 hours ago

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been exploiting…

19 hours ago