CVE-2025-40601

Summary

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicOS7.3.0-7012 and older versionsaffected
SonicWallSonicOS8.0.2-8011 and older versionsaffected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References