SonicWall has identified that recent attacks on certain firewall series are likely exploiting an older vulnerability rather than a zero-day flaw. The company says the attacks target a critical vulnerability from 2024, tracked as CVE-2025-40766, which had previously been exploited in ransomware attacks. Although security updates have been available since then, many systems remain unpatched, prompting an urgent call for administrators to ensure their systems are secure.
The company reports fewer than 40 attack cases, primarily affecting firewalls upgraded from Gen 6 to Gen 7. Attackers have also obtained passwords, posing a significant security threat. SonicWall advises admins to reset passwords for users with SSL VPN access and to ensure firmware version 7.3.0 or higher is installed. Additional protective measures include enabling botnet protection, geo-IP filtering, and multi-factor authentication (MFA). Admins should also audit accounts and remove any inactive or unknown ones to bolster security.

