Vulnerability in SonicWall SonicOS
CVE-2025-40600
Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.
EPSS: 0.003 (53.6th percentile)
Affected products
- SonicWall SonicOS — versions 7.2.0-7015 and older
Weakness classification (CWE)
References
- psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013 (vendor-advisory)