{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-029.pdf"
    },
    "title": "Possible Zero-Day Vulnerability in SonicWall Products",
    "serial_number": "2025-029",
    "publish_date": "13-08-2025 10:09:42",
    "description": "On August 4, 2025, SonicWall issued an advisory regarding a possible zero-day vulnerability in the Gen 7 SonicWall firewalls. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected appliance. This vulnerability is being exploited in the wild.\nIt is recommended to disable SSLVPN Services as soon as possible.",
    "url_title": "2025-029",
    "content_markdown": "---    \ntitle: 'Possible Zero-Day Vulnerability in\u00a0SonicWall\u00a0Products'\nnumber: '2025-029'\nversion: '1.0'\noriginal_date: '2025-08-04'\ndate: '2025-08-05'\n---\n\n_History:_\n\n* _05/08/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn August 4, 2025, SonicWall issued an advisory regarding a possible zero-day vulnerability in the Gen 7 SonicWall firewalls [1]. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected appliance. This vulnerability is being exploited in the wild [2].\n\nIt is recommended to disable SSLVPN Services as soon as possible.\n\n# Products Affected\n\nThe vulnerability seems to be affecting Gen 7 SonicWall firewalls. The vendor is investigating, but at the time of this writing, no more details are available [1]. \n\n# Recommendations\n\nIt is strongly recommended to follow the vendor guidance [1]:\n\n- Enable Security Services\n- Enforce Multi-Factor Authentication (MFA)\n- Remove Unused Accounts\n- Practice Good Password Hygiene\n\n## Mitigation\n\nFollowing the vendor guidance [1] should help prevent exploitation:\n\n- Disable SSLVPN Services Where Practical\n- Limit SSLVPN connectivity to trusted source IPs.\n\n# References\n\n[1] <https://www.sonicwall.com/support/notices/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430>\n\n[2] <https://www.huntress.com/blog/exploitation-of-sonicwall-vpn>",
    "content_html": "<p><em>History:</em></p><ul><li><em>05/08/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On August 4, 2025, SonicWall issued an advisory regarding a possible zero-day vulnerability in the Gen 7 SonicWall firewalls [1]. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected appliance. This vulnerability is being exploited in the wild [2].</p><p>It is recommended to disable SSLVPN Services as soon as possible.</p><h2 id=\"products-affected\">Products Affected</h2><p>The vulnerability seems to be affecting Gen 7 SonicWall firewalls. The vendor is investigating, but at the time of this writing, no more details are available [1]. </p><h2 id=\"recommendations\">Recommendations</h2><p>It is strongly recommended to follow the vendor guidance [1]:</p><ul><li>Enable Security Services</li><li>Enforce Multi-Factor Authentication (MFA)</li><li>Remove Unused Accounts</li><li>Practice Good Password Hygiene</li></ul><h3 id=\"mitigation\">Mitigation</h3><p>Following the vendor guidance [1] should help prevent exploitation:</p><ul><li>Disable SSLVPN Services Where Practical</li><li>Limit SSLVPN connectivity to trusted source IPs.</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.sonicwall.com/support/notices/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430\">https://www.sonicwall.com/support/notices/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.huntress.com/blog/exploitation-of-sonicwall-vpn\">https://www.huntress.com/blog/exploitation-of-sonicwall-vpn</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}