Product Notice: SonicOS SSLVPN NULL Pointer Dereference Denial-of-Service (DoS) Vulnerability

Overview

CVE-2025-32818
CVSS Score: 7.5

A Null Pointer Dereference vulnerability has been identified in the SonicOS SSLVPN Virtual Office interface. This issue could allow a remote, unauthenticated attacker to trigger a crash in the firewall, potentially resulting in a Denial-of-Service (DoS) condition.

Product Impact

Please review the table below to see the products and their versions that are impacted:

Affected Platforms	Affected Versions
Gen7 NSv - NSv 270, NSv 470, NSv 870 Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700	Version 7.1.1-7040 to 7.1.3-7015 (7.1.x only
TZ80	8.0.0-8037 and earlier versions

NOTE: SonicOS GEN6 and GEN7 7.0.x firmware versions are not affected by this vulnerability.

Workaround

If the SSLVPN service is disabled on the firewall, this vulnerability cannot be exploited.

Remedition

Organizations using the affected platforms should immediately log in to MySonicWall.com to upgrade their appliances to the fixed firmware versions outlined below.

Fixed Platforms	Fixed Versions
Gen7 NSv - NSv 270, NSv 470, NSv 870 Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700	7.2.0-7015 and higher
TZ80	8.0.1-8017 and higher

Related information

Previous Alert
January 23, 2025
Product Notice: Urgent Security Notification - SMA 1000
Read More
Next Alert
July 23, 2025
Product Notice: SMA100 Post-Authentication Arbitrary File Upload Vulnerability
Read More