NULL pointer dereference in Sonicwall Sonicos

CVE-2025-32818

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

EPSS: 0.005 (64.2th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sonicos — versions 7.1.1-7040, 8.0.0-8037 and earlier versions

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0009 (vendor-advisory)