Summary: SonicWall has issued an urgent advisory regarding a high-severity vulnerability in its SSLVPN Virtual Office interface that allows unauthenticated attackers to remotely crash firewalls, leading to network disruptions. This vulnerability, tracked as CVE-2025-32818 and with a CVSS v3 score of 7.5, impacts various firewall models. SonicWall urges immediate updates to mitigate the risk of operational paralysis and subsequent attacks.
Affected: SonicWall firewall models (Gen7 and TZ80 product lines)
Keypoints:
- Vulnerability is due to a Null Pointer Dereference in SonicOS.
- Attackers can cause a denial-of-service (DoS) condition by sending crafted requests.
- Fixed firmware versions are available for immediate update: Gen7 to 7.2.0-7015 or higher, TZ80 to 8.0.1-8017 or higher.
- No workarounds are available, and monitoring for unusual activity is advised.
- This is SonicWall's third major SSLVPN vulnerability since 2023, highlighting the need for vigilant patch management.
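
A patch-compliance check against the fixed builds listed above, as an added example that is not part of the advisory or SonicWall tooling. It assumes version strings of the form `major.minor.patch-build` with an optional `SonicOS ` prefix; the `gen7`/`tz80` keys, hostnames and running versions in the inventory are constructed for illustration.

```python
import re

# Minimum fixed builds, taken from the keypoints above.
FIXED = {
    "gen7": (7, 2, 0, 7015),
    "tz80": (8, 0, 1, 8017),
}

# Assumed layout: optional "SonicOS " prefix, then major.minor.patch-build.
VERSION_RE = re.compile(r"(?:SonicOS\s+)?(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Return (major, minor, patch, build), or None if the string does not match."""
    m = VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def patch_status(product_line, version_text):
    """Classify one device as 'patched', 'update-required' or 'review'."""
    fixed = FIXED.get(product_line.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "review"  # unlisted product line or unreadable version string
    # Tuple comparison orders by release first and build last, so a large
    # build number on an older release does not pass as fixed.
    return "patched" if version >= fixed else "update-required"


def audit(inventory):
    """Map each hostname to its patch status."""
    return {host: patch_status(line, ver) for host, line, ver in inventory}


# Constructed inventory: hostnames and running versions are made up.
SAMPLE_INVENTORY = [
    ("fw-hq-01", "gen7", "SonicOS 7.2.0-7015"),
    ("fw-branch-02", "gen7", "7.1.9-9999"),
    ("fw-kiosk-03", "tz80", "8.0.1-8016"),
    ("fw-lab-04", "tz80", "8.1.0-8001"),
    ("fw-dr-05", "gen7", "unknown"),
    ("fw-misc-06", "unlisted", "7.2.0-7015"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices reported as `review` need a manual check, since the summary lists fixed builds only for the Gen7 and TZ80 lines.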