SonicWall has clarified that attackers are not exploiting a zero-day vulnerability in its Gen 7 firewalls to infiltrate corporate networks. Instead, the recent surge in ransomware attacks, particularly by the Akira group, is linked to a previously disclosed vulnerability, CVE-2024-40766. Since mid-July 2025, researchers have noted increased ransomware activity targeting SonicWall’s SSL VPN functionality. Although some attacks affected fully patched devices, the issue appears to be connected to legacy credentials carried over during migrations from Gen 6 to Gen 7 firewalls. SonicWall advises upgrading to SonicOS 7.3 for enhanced security features like brute-force protection and password complexity enforcement. Organizations should update firmware, reset local user passwords, and enforce strong security measures. Researchers have identified around 28 similar attacks, sharing indicators of compromise and tactics used by the attackers.

