![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![yaps[dot]chat - one-time end-to-end encrypted anonymous chats. now Open-Source!!](https://media2.dev.to/dynamic/image/width%3D1000,height%3D500,fit%3Dcover,gravity%3Dauto,format%3Dauto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1m7ads99lbphtyw35iah.png)
![[DEALS] Sterling Stock Picker: Lifetime Subscription (85% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
_Olekcii_Mach_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Some Pixel Tablet accessories we can’t live without [Video]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/10/Pixel-Tablet-Header.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
![M4 MacBook Air Drops to New All-Time Low of $912 [Deal]](https://www.iclarified.com/images/news/97108/97108/97108-640.jpg)
![New iPhone 17 Dummy Models Surface in Black and White [Images]](https://www.iclarified.com/images/news/97106/97106/97106-640.jpg)
SonicWall SSLVPN Vulnerability Let Remote Attackers Crash Firewall Appliances
SonicWall has disclosed a critical security vulnerability in its SSLVPN service that allows unauthenticated remote attackers to crash affected firewall appliances, potentially causing significant disruptions to enterprise networks. The vulnerability, tracked as CVE-2025-32818, received a high severity CVSS score of 7.5 and affects numerous SonicWall firewall models running specific firmware versions. SonicWall SSLVPN Vulnerability Security […] The post SonicWall SSLVPN Vulnerability Let Remote Attackers Crash Firewall Appliances appeared first on Cyber Security News.
SonicWall has disclosed a critical security vulnerability in its SSLVPN service that allows unauthenticated remote attackers to crash affected firewall appliances, potentially causing significant disruptions to enterprise networks.
The vulnerability, tracked as CVE-2025-32818, received a high severity CVSS score of 7.5 and affects numerous SonicWall firewall models running specific firmware versions.
SonicWall SSLVPN Vulnerability
Security researchers identified a NULL Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual Office interface.
This flaw allows an attacker to remotely trigger a firewall crash without requiring any authentication, leading to a Denial-of-Service (DoS) condition that could disrupt critical network services.
“When exploited, this vulnerability forces the device to reference a NULL pointer, causing the firewall to crash and restart,” explained Jon Williams of Bishop Fox, who is credited with discovering the vulnerability.
“Since the attack requires no authentication, it presents a significant risk to internet-facing SonicWall devices.”
The advisory classifies the vulnerability under CWE-476, which covers NULL Pointer Dereference issues.
The CVSS vector CVSS:3.0 indicates the vulnerability is network-accessible, requires low complexity to exploit, needs no privileges or user interaction, and primarily impacts system availability.
Risk Factors Details Affected Products – Gen7 NSv (NSv 270/470/870)- Gen7 Firewalls (TZ270/TZ370/TZ470/TZ570/TZ670 series, NSa 2700/3700/4700/5700/6700, NSsp 10700/11700/13700/15700)- TZ80 (firmware ≤8.0.0-8037) Impact Denial-of-Service (DoS) via firewall crash Exploit Prerequisites – Network access to vulnerable SSLVPN interface- No authentication required CVSS 3.1 Score 7.5 (High)
Affected Products
The vulnerability impacts explicitly SonicWall Gen7 NSv models (NSv 270, NSv 470, NSv 870) and Gen7 Firewalls including TZ series (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670), NSa series (NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700), and NSsp series (NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700) running firmware versions 7.1.1-7040 to 7.1.3-7015.
Additionally, the TZ80 model running firmware version 8.0.0-8037 and earlier is affected. Notably, SonicOS GEN6 and GEN7 7.0. x firmware versions are not vulnerable to this exploit.
SonicWall has released fixed versions to address this vulnerability. Affected customers are strongly advised to upgrade to firmware version 7.2.0-7015 or higher for Gen7 devices, or 8.0.1-8017 or higher for TZ80 models.
The company noted in its security advisory that no workaround is available, making firmware updates the only effective mitigation against this vulnerability.
Security experts recommend that organizations with affected devices implement these patches immediately, especially for internet-facing firewalls.
Organizations should also monitor their devices for signs of exploitation, such as unexpected reboots or service disruptions.
Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy
The post SonicWall SSLVPN Vulnerability Let Remote Attackers Crash Firewall Appliances appeared first on Cyber Security News.
