Sonicwall News Articles

SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw

SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw.

12 hours ago

SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

SonicWall confirms recent SSL VPN attacks link to patched CVE-2024-40766 and reused passwords, urging password resets.

16 hours ago

Akira Ransomware Exploits SonicWall SMA100 Vulnerabilities: What You Need to Know | Bitsight

New SonicWall SMA100 vulnerabilities (CVE-2025-40596 to CVE-2025-40599) could enable remote code execution—even on patched devices. While Akira ransomware activ

2 days ago

SonicWall firewalls targeted in ransomware attacks, possibly via zero-day - Help Net Security

Attackers using the Akira ransomware and possibly a zero-day exploit have been targeting SonicWall firewalls since July 15, 2025.

3 days ago

SonicWall Urges Patch After 3 Major VPN Vulnerabilities Disclosed

watchTowr details SonicWall SMA100 flaws (CVE-2025-40596, 40597, 40598). How pre-auth stack/heap overflows and XSS, put SSL-VPNs at risk.

1 week ago

Critical SonicWall SSL VPN Flaw Allows Attackers to Launch DoS Attacks on Firewalls

The vulnerability, designated CVE-2025-40600 and tracked as SNWLID-2025-0013, carries a CVSS severity score of 5.9 and specifically impacts the SSL VPN interface component of affected devices.

1 week ago

Researchers Uncover N-day Vulnerabilities in SonicWall SMA100 Series

The vulnerabilities, disclosed on July 28, 2025, affect firmware version 10.2.1.15 and highlight persistent issues with HTTP header parsing in network security devices.

1 week ago

Researchers Reveal Technical Details of SonicWall SMA100 Series N-Day Vulnerabilities

Security researchers have disclosed technical details of three previously patched vulnerabilities affecting SonicWall's SMA100 series SSL-VPN appliances.

1 week ago

Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598)

It’s 2025, and at this point, we’re convinced there’s a secret industry-wide pledge: every network appliance must include at least one trivially avoidable HTTP header parsing bug - preferably pre-auth. Bonus points if it involves sscanf. If that’s the case, well done! SonicWall’s SMA100 series

1 week ago

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices

SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution.

2 weeks ago

Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599) - Help Net Security

Sonicwall is asking customers SMA 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible.

2 weeks ago

Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What a future without CVEs means for cyber defense For

SonicWall Issues Patch for Exploit Chain in SMA Devices

Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

SonicWall fixes 3 critical SMA 100 flaws enabling root-level remote code execution via SSL-VPN access.

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) - Help Net Security

SonicWall has fixed multiple SMA100 vulnerabilities, one of which (CVE-2025-32819) may have been leveraged in the wild.

Multiple SonicWall SMA 100 Vulnerabilities Let Attackers Compromise Systems

SonicWall has disclosed multiple high-severity vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products. 

2 SonicWall Vulnerabilities Under Active Exploit

The vulnerabilities affect SonicWall's SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.

SonicWall Warns of Active Exploitation of Critical SMA VPN Vulnerabilities

SonicWall has issued alerts regarding two critical vulnerabilities in its Secure Mobile Access (SMA) appliances that are being actively exploited. The vulnerabilities, designated as CVE-2023-44221 and...

CISA Adds CVE-2024-38475 And CVE-2023-44221 To KEV Catalog

CISA updates its KEV Catalog with CVE-2024-38475 and CVE-2023-44221, posing risks to Apache HTTP Server and SonicWall SMA100 devices.

SonicWall OS Command Injection Vulnerability Exploited in the Wild

SonicWall has issued an urgent warning to customers that threat actors are actively exploiting a high-severity command injection vulnerability in its Secure Mobile Access (SMA) appliances.

SonicWall: SMA100 VPN vulnerabilities now exploited in attacks

Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks.

SonicWall, Palo Alto Networks flaws under attack, added to CISA list

The critical SonicOS SSLVPN flaw and high-severity PAN-OS flaw both risk authentication bypass.

SonicWall, Palo Alto Networks flaws under attack, added to CISA list

The critical SonicOS SSLVPN flaw and high-severity PAN-OS flaw both risk authentication bypass.

SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild Following PoC Release

A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn.

SonicWall firewalls under attack. Patch now

updated Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code. The...

SonicWall firewall bug leveraged in attacks after PoC exploit release

Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.

SonicWall firewall bug targeted in attacks after PoC exploit release

Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.

Unpatched SonicWall Firewalls Vulnerability Actively Exploited To Hijack SSL VPN Sessions

A critical vulnerability in SonicWall firewalls, identified as CVE-2024-53704, has been actively exploited by attackers.

SonicWall firewall exploit lets hackers hijack VPN sessions, patch now

Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application.

SonicWall Confirms Exploitation of New SMA Zero-Day

SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild.

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) - Help Net Security

5,000+ SonicWall firewalls are still vulnerable to attack via a vulnerability (CVE-2024-53704) that's "at imminent risk of exploitation".

SonicWall SMA Appliances Exploited in Zero-Day Attacks

Critical flaw in SonicWall SMA 1000 appliances (CVE-2025-23006) exploited as a zero-day. Rated CVSS 9.8, patch immediately to protect systems.

CISA Warns of SonicWall 0-day RCE Vulnerability Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability, CVE-2025-23006, affecting SonicWall’s Secure Mobile Access (SMA) 1000 series appliances.

Week in review: 48k Fortinet firewalls open to attack, attackers "vishing" orgs via Microsoft Teams - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild.

SonicWall 0-day Vulnerability Exploited In Attacks Execute Arbitrary OS Commands 

A critical security vulnerability, tracked as CVE-2025-23006, has been identified in SonicWall's SMA1000 Appliance Management Console

SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks

SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has been exploited as a zero-day in attacks.

Zero-day vulnerability in SonicWall SMA series under attack | Tech...

Infosec experts urged enterprises to patch a SonicWall vulnerability that could allow an attacker to compromise the operating system.

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Critical SonicWall zero-day (CVE-2025-23006) in SMA 1000 appliances fixed. Rated 9.8 CVSS; patch now to prevent active exploitation.

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) - Help Net Security

A zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited.

SonicWall Learns From Microsoft About Potentially Exploited Zero-Day

SonicWall credited Microsoft for reporting CVE-2025-23006, a critical remote command execution vulnerability possibly exploited in the wild.

Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication

A new security advisory has been released regarding several vulnerabilities in SonicWall's SonicOS software, bypass authentication mechanisms.

Major IT Vulnerabilities Reported In Fortinet, SonicWall, Grafana

Cyble's report reveals critical vulnerabilities in Fortinet, SonicWall, and Grafana Labs impacting over 1 million assets.

Fog and Akira ransomware attacks exploit SonicWall VPN flaw

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks.

Fog ransomware targets SonicWall VPNs to breach corporate networks

Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorized access to resources on the SSL VPN feature of SonicWall SonicOS firewalls.

CISA says SonicWall bug being exploited as experts warn of ransomware gang use

Federal cybersecurity experts are warning that a vulnerability affecting products from SonicWall is being exploited, and ordered all federal civilian agencies to implement a patch for the bug by the end of the month.

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) - Help Net Security

CISA has added CVE-2024-40766 to its KEV catalog, thus confirming it is being actively exploited by attackers.

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

Critical SonicWall firewall flaw CVE-2024-40766 may be exploited. Patch now to secure your systems.

CISA KEV Update Part II – September 2024.

The US CISA added below vulnerabilities to the Known Exploited Vulnerability Catalog based on the evidence of active exploitation CVE-2024-40766  SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cau...

Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks

A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks.