Cybersecurity Alert: SonicWall VPN Vulnerability Exploited by Ransomware Groups

Since July, there has been a notable increase in ransomware activity targeting organizations using SonicWall firewalls, particularly the SonicWall SSL VPN functionality. A critical unknown vulnerability is giving attackers and ransomware groups initial access to internal networks, allowing them to move laterally, compromise domain controllers, and deploy ransomware to encrypt devices. 

It is strongly advisable to temporarily disable SonicWall’s SSL VPN service until SonicWall releases more information regarding this critical vulnerability. 

Platforms and Firmware at Risk 

  • Gen 7 and newer SonicWall firewalls with SSL VPN enabled 
  • Devices running firmware below version 7.3.0 are most at risk 
  • Devices migrated from Gen 6 to Gen 7 without resetting local account passwords are especially vulnerable 
  • CVE-2025-40599 
  • CVE-2025-40596 
  • CVE-2025-40597 
  • CVE-2025-40598 
  • CVE-2024-40766 
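
One way to triage a firewall inventory against the risk criteria listed above, as an added example that is not part of the original advisory or any SonicWall tooling. The inventory field names (`gen`, `sslvpn_enabled`, `firmware`, `migrated_from_gen6`, `local_passwords_reset`) and the sample devices are assumptions made for illustration.

```python
import re

THRESHOLD = (7, 3, 0)  # advisory: firmware below 7.3.0 is most at risk

def parse_firmware(text):
    """Return (major, minor, patch) from e.g. 'SonicOS 7.1.1-7058', or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(map(int, m.groups())) if m else None

def triage(dev):
    """Classify one inventory record (hypothetical schema) against the advisory."""
    # The advisory covers Gen 7 and newer firewalls with SSL VPN enabled.
    if dev["gen"] < 7 or not dev["sslvpn_enabled"]:
        return "not-covered", []
    reasons = []
    fw = parse_firmware(dev.get("firmware"))
    if fw is None:
        # Fail closed: an unreadable version is handled as if it were old.
        reasons.append("firmware version unknown, treat as below 7.3.0")
    elif fw < THRESHOLD:
        reasons.append("firmware below 7.3.0")
    if dev.get("migrated_from_gen6") and not dev.get("local_passwords_reset"):
        reasons.append("Gen 6 migration without local password reset")
    return ("elevated" if reasons else "at-risk"), reasons

# Constructed sample inventory; hostnames and version strings are made up.
INVENTORY = [
    {"name": "fw-hq", "gen": 7, "sslvpn_enabled": True,
     "firmware": "SonicOS 7.1.1-7058",
     "migrated_from_gen6": True, "local_passwords_reset": False},
    {"name": "fw-branch", "gen": 7, "sslvpn_enabled": True,
     "firmware": "7.3.0-7012"},
    {"name": "fw-lab", "gen": 7, "sslvpn_enabled": False,
     "firmware": "7.0.1-5161"},
    {"name": "fw-dr", "gen": 8, "sslvpn_enabled": True, "firmware": ""},
]

def report(inventory):
    """Return (name, level, reasons) rows, most urgent first."""
    order = {"elevated": 0, "at-risk": 1, "not-covered": 2}
    rows = [(d["name"], *triage(d)) for d in inventory]
    return sorted(rows, key=lambda r: order[r[1]])

if __name__ == "__main__":
    for name, level, reasons in report(INVENTORY):
        print(f"{name:10} {level:12} {'; '.join(reasons)}")
```

Devices reported as `at-risk` still fall under the recommendation to temporarily disable SSL VPN; `elevated` only marks the ones matching the advisory's "most at risk" or "especially vulnerable" conditions.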

For further details and vendor guidance, see SonicWall’s advisory.

If your organization uses SonicWall devices, act immediately to mitigate risk. For assistance assessing exposure or implementing security controls related to the SonicWall VPN vulnerability, contact Withum’s Cybersecurity Consulting Services Team.

Authors: Ky Rees and Edward Keck, Jr., Partner and Market Leader, Cybersecurity Consulting Services
