CVE-2025-40601
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-20
Last updated on: 2025-12-12
Assigner: SonicWALL, Inc.
Description
Description
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sonicwall | sonicos | From 7.1.1-7040 (inc) to 7.3.1-7013 (exc) |
| sonicwall | nsa_2700 | * |
| sonicwall | nsa_3700 | * |
| sonicwall | nsa_4700 | * |
| sonicwall | nsa_5700 | * |
| sonicwall | nsa_6700 | * |
| sonicwall | nssp_10700 | * |
| sonicwall | nssp_11700 | * |
| sonicwall | nssp_13700 | * |
| sonicwall | nssp_15700 | * |
| sonicwall | nsv270 | * |
| sonicwall | nsv470 | * |
| sonicwall | nsv870 | * |
| sonicwall | tz270 | * |
| sonicwall | tz270w | * |
| sonicwall | tz370 | * |
| sonicwall | tz370w | * |
| sonicwall | tz470 | * |
| sonicwall | tz470w | * |
| sonicwall | tz570 | * |
| sonicwall | tz570p | * |
| sonicwall | tz570w | * |
| sonicwall | tz670 | * |
| sonicwall | sonicos | to 8.0.3-8011 (exc) |
| sonicwall | nsa_2800 | * |
| sonicwall | nsa_3800 | * |
| sonicwall | nsa_4800 | * |
| sonicwall | nsa_5800 | * |
| sonicwall | tz280 | * |
| sonicwall | tz380 | * |
| sonicwall | tz480 | * |
| sonicwall | tz580 | * |
| sonicwall | tz680 | * |
| sonicwall | tz80 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the SonicOS SSLVPN service that allows a remote unauthenticated attacker to cause a Denial of Service (DoS) by crashing the impacted firewall.
How can this vulnerability impact me? :
The vulnerability can cause the affected firewall to crash, resulting in a Denial of Service (DoS) which may disrupt network security and connectivity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70