Externally-Controlled Format String Vulnerability in SonicWall SSL VPN
CVE-2025-40600

9.8 CRITICAL

Key Information:

Vendor

SonicWall

Status
Vendor
CVE Published: 29 July 2025

Badges

📰 News Worthy

What is CVE-2025-40600?

CVE-2025-40600 is a critical flaw in the SonicWall SSL VPN interface: an externally-controlled format string that a remote attacker can exploit. Exploitation can lead to unauthorized disruption of service, letting the attacker manipulate the application and potentially degrade its availability. Organizations using SonicOS SSL VPN should immediately assess their exposure and apply security measures to mitigate the risk.

Affected Version(s)

SonicOS Gen7 7.2.0-7015 and older versions

News Articles

Critical SonicWall SSL VPN Flaw Allows Attackers to Launch DoS Attacks on Firewalls

The vulnerability, designated CVE-2025-40600 and tracked as SNWLID-2025-0013, carries a CVSS severity score of 5.9 and specifically impacts the SSL VPN interface component of affected devices.

References

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Cyber Press

  • Vulnerability published

  • Vulnerability Reserved
