THREAT ALERT
Wednesday, August 6th, 2025
There has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled. This includes threat activity highlighted by several third-party cybersecurity research teams.
DefenseStorm is aware that, over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled. This includes threat activity highlighted by several third-party cybersecurity research teams. Please see the content below taken directly from SonicWall:
“We are actively investigating these incidents to determine whether they are connected to a previously disclosed vulnerability or if a new vulnerability may be responsible.”
Ongoing Investigation
We are:
Recommended Mitigation Steps
Until further notice, we strongly advise all partners and customers using Gen 7 SonicWall firewalls to take the following actions:
Please remain vigilant and apply the above mitigations immediately to reduce exposure while we continue our investigation. We will update this KB as additional information becomes available.
Change Log
DefenseStorm Response
DefenseStorm is recommending that everyone who uses SonicWall review any advisories received or published by SonicWall and evaluate if they apply to your organization.
DefenseStorm always recommends applying any changes in accordance with your existing internal policies and change controls.
Please bookmark: https://www.sonicwall.com/support/notices/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430 to stay up to date with the latest developments related to this incident.