
SonicWall SonicOS SSLVPN stack-based buffer overflow denial-of-service (DoS) flaw (CVE-2025-40601)

Vulnerability
First reported
Last updated
Happening score
H score 0
1 unique source, 1 article

Summary


SonicWall has patched CVE-2025-40601, a stack-based buffer overflow in the SonicOS SSLVPN service that can let a remote unauthenticated attacker crash Gen7 and Gen8 firewalls. The vendor says it is not aware of active exploitation and has not seen a public proof-of-concept. Administrators who cannot patch immediately are advised to disable SSLVPN or restrict access to trusted sources.

Related Happenings

ChromaDB Python API exposure mitigation (CVE-2026-45829)

Advisory/Mitigation
First: 20.05.2026 01:25 Last: 20.05.2026 01:25 Sources 1

About this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...

Akira SonicWall SSL VPN MFA-bypass campaign

Campaign
First: 28.09.2025 21:49 Last: 28.09.2025 21:49 Sources 1

About this happening: **Akira-affiliated** actors are causing **widespread compromise** of **SonicWall SSL VPN devices**, with Huntress reporting activity that began on **October 4, 2025** and impacted...

Latest development: 11.10.2025 16:30

Huntress warned that Akira-affiliated threat actors rapidly authenticated into multiple accounts across compromised SonicWall SSL VPN devices, affecting more than 100 accounts across 16 customer environments and beginning on October 4, 2025. In some cases the actors disconnected after a short time, while in others they performed network scanning and attempted to access local Windows accounts; authentications on the SonicWall devices originated from 202.155.8[.]73 and appeared to rely on valid credentials rather than brute force.

SonicWall SSL VPN CVE-2024-40766 active exploitation wave

Exploitation Wave
First: 11.09.2025 19:32 Last: 11.09.2025 19:32 Sources 1

About this happening: **Akira** is driving a renewed wave of **active exploitation** of **CVE-2024-40766** against **SonicWall SSL VPNs**, creating immediate unauthorized-access risk for exposed device...

Akira ransomware group SonicWall initial-access campaign

Campaign
First: 11.09.2025 13:33 Last: 11.09.2025 13:33 Sources 1

About this happening: The **Akira ransomware group** is associated with a continuing **SonicWall SSL VPN** initial-access campaign that uses **CVE-2024-40766** and related credential abuse to breach vi...

Latest development: 04.12.2025 00:06

Marquis Software Solutions says a ransomware attack on August 14, 2025 breached its network through a SonicWall firewall and exposed files containing personal information for customers of 74 banks and credit unions, affecting over 400,000 customers; Marquis says there is no evidence the data has been misused or published anywhere.

Timeline

  1. 20.11.2025 17:56 2 articles · 6mo ago

    SonicWall discloses CVE-2025-40601 in SonicOS SSLVPN

    Initial Disclosure

    SonicWall urged customers to patch CVE-2025-40601, a stack-based buffer overflow in the SonicOS SSLVPN service that can let a remote unauthenticated attacker cause a denial of service (DoS) and crash impacted Gen7 hardware firewalls, Gen7 virtual firewalls (NSv), and Gen8 firewalls. SonicWall PSIRT said it is not aware of active exploitation in the wild and that no PoC has been made public; administrators who cannot immediately deploy the updates are advised to disable the SonicOS SSLVPN service or restrict access to trusted sources.
