SonicWall SonicOS: CVE-2025-40601: SonicOS SSLVPN Pre-Auth Stack-Based Buffer Overflow Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Nov 19, 2025 | May 21, 2026 | May 21, 2026 |
Description
A stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public, and malicious use of this vulnerability has not been reported to SonicWall. SonicWall strongly urges organizations using impacted SonicWall firewalls listed below to follow the provided guidance. NOTE: This vulnerability ONLY impacts the SonicOS SSLVPN interface or service if enabled on the firewall.
Solutions
- sonicwall-sonicos-gen7-upgrade-731-7013
- sonicwall-sonicos-gen8-upgrade-803-8011