_courtesy_VERTICAL.jpg)
![[The AI Show Episode 145]: OpenAI Releases o3 and o4-mini, AI Is Causing “Quiet Layoffs,” Executive Order on Youth AI Education & GPT-4o’s Controversial Update](https://www.marketingaiinstitute.com/hubfs/ep%20145%20cover.png)
![[DEALS] Mail Backup X Individual Edition: Lifetime Subscription (72% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
_Andreas_Prott_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Apple Ships 55 Million iPhones, Claims Second Place in Q1 2025 Smartphone Market [Report]](https://www.iclarified.com/images/news/97185/97185/97185-640.jpg)
SonicWALL Connect Tunnel Vulnerability Allows Attackers to Create a DoS Condition
A significant security vulnerability has been identified in the SonicWall Connect Tunnel Windows Client, affecting both 32-bit and 64-bit versions. This vulnerability, designated as CVE-2025-32817, involves an Improper Link Resolution issue, categorized under CWE-59. The flaw allows attackers to create a denial-of-service (DoS) condition on affected systems by exploiting the vulnerability to overwrite files unauthorizedly, […] The post SonicWALL Connect Tunnel Vulnerability Allows Attackers to Create a DoS Condition appeared first on Cyber Security News.
.webp?#)
A significant security vulnerability has been identified in the SonicWall Connect Tunnel Windows Client, affecting both 32-bit and 64-bit versions.
This vulnerability, designated as CVE-2025-32817, involves an Improper Link Resolution issue, categorized under CWE-59.
The flaw allows attackers to create a denial-of-service (DoS) condition on affected systems by exploiting the vulnerability to overwrite files unauthorizedly, potentially leading to file corruption.
Symbolic Link Vulnerability
The vulnerability arises from the client’s inability to properly resolve file links, allowing an attacker to create symbolic links that the service may interpret as legitimate files.
This can lead to unintended file creation, which can disrupt system functionality and cause a persistent DoS condition.
The vulnerability is rated with a CVSS v3 score of 6.1, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, reflecting local attack vector requirements, low attack complexity, and low privileges needed for exploitation.
To exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.
Once this access is obtained, the attacker can create symbolic links that the SonicWall VPN service will mistakenly interpret as legitimate files. This can lead to unauthorized file overwrites, which may result in a DoS condition or file corruption.
The vulnerability was discovered by CrisprXiang and Hao Huang with FDU, through the Trend Micro Zero Day Initiative.
Risk Factors Details Affected Products SonicWall Connect Tunnel Windows Client (32/64-bit) versions ≤12.4.3.283 Impact Unauthorized file overwrite leading to denial of service (DoS) or file corruption Exploit Prerequisites Local system access (AV:L), low privileges (PR:L), and user interaction not required (UI:N) CVSS 3.1 Score 6.1 (Medium)
Affected Products and Versions
- Affected Product: SonicWall Connect Tunnel Windows Client (both 32-bit and 64-bit).
- Affected Versions: All versions up to 12.4.3.283.
- Unaffected Products: Connect Tunnel clients for Linux and Mac are not impacted by this vulnerability.
Fixes Released
SonicWall has issued an update to address this vulnerability. Users are advised to upgrade to version 12.4.3.298 or higher of the Connect Tunnel Windows Client to mitigate the risk.
There are no workarounds available for this issue, making the software update the only effective solution.
The SonicWall Connect Tunnel vulnerability highlights the importance of maintaining up-to-date software to prevent exploitation by malicious actors.
As cybersecurity threats continue to evolve, it is crucial for organizations and individuals to prioritize software updates and security patches to protect against emerging vulnerabilities.
Are you from the SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
The post SonicWALL Connect Tunnel Vulnerability Allows Attackers to Create a DoS Condition appeared first on Cyber Security News.
