SonicWall Products Multiple Vulnerabilities

Release Date: 21 Nov 2025

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in SonicWall Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and data manipulation on the targeted system.

---

Impact

• Remote Code Execution
• Denial of Service
• Information Disclosure
• Data Manipulation

---

System / Technologies affected

• Email Security (ES Appliance 5000, 5050, 7000, 7050, 9000, VMware and Hyper-V) 10.0.33.8195 and earlier versions
• Gen7 hardware Firewalls (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700) 7.3.0-7012 and older versions
• Gen7 virtual Firewalls (NSv270, NSv470, NSv870 for ESX, KVM, Hyper-V, AWS, Azure) 7.3.0-7012 and older versions
• Gen8 Firewalls (TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, NSa 5800) 8.0.2-8011 and older versions

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018

---

Vulnerability Identifier

• CVE-2025-40601
• CVE-2025-40604
• CVE-2025-40605

---

Source

• SonicWall

---

Related Link

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018