What is CVE-2024-12805?

CVE-2024-12805 is a vulnerability in Sonicwall Sonicos, classified under Use of Externally-Controlled Format String. Published 2025-01-09.

Is CVE-2024-12805 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sonicwall Sonicos

CVE-2024-12805

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

EPSS: 0.015 (81.2th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sonicos — versions 6.5.4.15-117n and older versions, 7.0.1-5161 and older version, 7.1.2-7019

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004 (vendor-advisory)

Frequently asked questions

What is CVE-2024-12805?: CVE-2024-12805 is a vulnerability in Sonicwall Sonicos, classified under Use of Externally-Controlled Format String. Published 2025-01-09.
Is CVE-2024-12805 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.