SonicWall has released new firmware for SonicOS GEN7 and TZ80 on April 24, 2025. This firmware includes mitigation for a high severity vulnerability and should be applied immediately. SonicOS versions 7.1.1-7040 and above are impacted.
The firmware addresses a null pointer dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a denial-of-service condition.
SonicWall says it is important for customers running older firmware to perform the upgrade and treat the notification as urgent. SonicOS 7.0.1 can still be used if running GMS or requiring FIPS certification but should be upgraded to the latest release.
The recommended releases include SonicOS 7.2.0-7015 for all Gen7 Platforms and SonicOS 8.0.1-8017 for TZ80.
Further information relating to this vulnerability will be available on the 24th of April when public disclosure occurs.
