Critical Vulnerability Information

Vulnerability Overview

Advisory ID: SNWLID-2025-0013
First Published: 2025-07-29
Last Updated: 2025-07-30
Workaround: True
Status: Applicable
CVE: CVE-2025-40600
CWE: CWE-134
CVSS v3: 5.9
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Summary

An externally controlled format string vulnerability in the SonicOS SSL VPN interface allows a remote, unauthenticated attacker to cause a denial of service.

SonicWall strongly recommends that users of SonicWall firewall products upgrade to the specified fixed versions to resolve this vulnerability.

Affected Products

Affected Platforms:
- Gen7 hardware firewalls: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570i, TZ670, NSA 2700, NSA 3700, NSA 4700, NSA 5700, NSA 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700
- Gen7 virtual firewalls (NSv): NSv270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure)

Affected Versions: 7.2.0-7015 and earlier (7.0.1 branch is not affected)

Solution

Affected Platforms:
- Gen7 hardware firewalls: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570i, TZ670, NSA 2700, NSA 3700, NSA 4700, NSA 5700, NSA 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700
- Gen7 virtual firewalls (NSv): NSv270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure)

Fixed Versions: 7.3.0-7012 and later

Workaround

Disable the SSL-VPN interface, as this vulnerability only affects the SSL-VPN component of the firewall. Firewalls without SSL-VPN enabled are not affected.
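
The version bounds and the SSL-VPN condition above can be applied to a firewall inventory with a short triage script. This is an added example, not SonicWall code. It assumes firmware strings of the form major.minor.patch-build compared in numeric order, and the function names and the inventory rows are constructed for illustration.

```python
import re

# Bounds taken from the advisory text (SNWLID-2025-0013).
LAST_AFFECTED = (7, 2, 0, 7015)   # "7.2.0-7015 and earlier"
FIRST_FIXED = (7, 3, 0, 7012)     # "7.3.0-7012 and later"
UNAFFECTED_BRANCH = (7, 0, 1)     # "7.0.1 branch is not affected"
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")

# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = [
    ("fw-branch-01", "SonicOS 7.1.3-7015", True),
    ("fw-branch-02", "SonicOS 7.0.1-5161", True),
    ("fw-hq-01", "SonicOS 7.3.0-7012", True),
    ("fw-lab-01", "SonicOS 7.2.0-7015", False),
    ("fw-dr-01", "SonicOS 7.2.0-7020", True),
]


def parse_version(text):
    """Return (major, minor, patch, build) found in text, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(version_text, sslvpn_enabled):
    """Classify one firewall against the advisory's stated bounds."""
    v = parse_version(version_text)
    if v is None:
        return "unknown: unparseable version"
    if v[0] != 7:
        return "out of scope: advisory lists Gen7 (7.x) only"
    if v[:3] == UNAFFECTED_BRANCH:
        return "not affected: 7.0.1 branch"
    if v >= FIRST_FIXED:
        return "fixed"
    if v > LAST_AFFECTED:  # build the advisory lists as neither affected nor fixed
        return "undetermined: between listed affected and fixed builds"
    if not sslvpn_enabled:
        return "not affected: SSL-VPN disabled"
    return "affected: upgrade or disable SSL-VPN"


def triage_inventory(rows):
    return {name: triage(ver, vpn) for name, ver, vpn in rows}


if __name__ == "__main__":
    for name, verdict in triage_inventory(INVENTORY).items():
        print(f"{name}: {verdict}")
```

Builds that fall between the last listed affected version and the first fixed version are reported as undetermined rather than guessed, since the advisory does not classify them.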