
There has been a rise in ransomware attacks targeting SonicWall. Many incidents trace back to migrations from Gen 6 to Gen 7 firewalls, where local user passwords were carried over without being reset. Review this Cybersecurity Threat Advisory to ensure your migration doesn’t leave you vulnerable.
What is the threat?
Warnings have been issued about Akira ransomware attacks targeting SonicWall firewalls with SSL VPN enabled. Despite initial claims of a zero-day vulnerability, it has now been confirmed that attackers are exploiting an older flaw, CVE-2025-40766 (CVSS score: 9.3), disclosed last year. This previously known access-control vulnerability could allow attackers to gain unauthorized access to affected devices and, under certain conditions, cause the firewall to crash.
Why is it noteworthy?
SonicWall investigated approximately 40 incidents and, as patterns emerged, its internal threat team identified a link to a previously disclosed vulnerability—CVE-2025-40766. This finding confirmed the issue was not related to a zero-day attack. Researchers now believe the vulnerability has been exploited across a wide range of Gen 7 firewall appliances. When adversaries revisit and adapt known vulnerabilities, it typically signals they’ve discovered a new opportunity for exploitation.
What is the exposure or risk?
Many confirmed attacks occurred in environments where customers reused existing passwords during firewall migrations and failed to update their credentials. This oversight significantly increases exposure, making it easier for attackers to gain unauthorized access. Without proper credential management and security hardening, organizations remain vulnerable to repeat intrusions and escalating threats.
What are the recommendations?
Barracuda recommends the following steps to mitigate the impact of the SonicWall vulnerability:
- Update to SonicOS version 7.3.0.
- Enable Botnet Protection and Geo-IP Filtering.
- Reset all local user account passwords for any accounts with SSL VPN access, especially those migrated from Gen 6 to Gen 7.
- Remove unused or inactive user accounts.
- Enforce multi-factor authentication (MFA) and strong password policies.
- Subscribe to Barracuda Managed Vulnerability Security—a fully managed service delivered by the Barracuda Managed XDR SOC team—to proactively identify and remediate vulnerabilities before they can be exploited.
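The account-related steps above (password resets, removing inactive accounts, enforcing MFA) can be triaged from a user inventory. The script below is an added example, not code from Barracuda or SonicWall: the CSV columns, the sample rows, and the 90-day inactivity threshold are assumptions, and the column names are not a SonicOS export format.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample inventory. Column names are hypothetical, not a SonicOS
# export format; map them from whatever user inventory you maintain.
SAMPLE_CSV = """username,sslvpn_access,migrated_from_gen6,password_last_changed,last_login,mfa_enabled
alice,yes,yes,2023-02-10,2025-08-01,yes
bob,yes,yes,2025-08-06,2025-08-07,no
carol,yes,no,2025-04-15,2024-11-30,yes
dave,no,yes,2022-05-01,2025-07-20,no
svc-backup,yes,yes,2021-09-09,,no
"""

def _day(text):
    """Parse an ISO date; an empty field means 'never' and returns None."""
    return date.fromisoformat(text) if text else None

def audit_accounts(csv_text, reset_since, today, inactive_days=90):
    """Return {username: [findings]} for SSL VPN accounts that need action.

    reset_since: a password changed on or after this date counts as reset
    (for a Gen 6 to Gen 7 migration, use the migration date).
    """
    findings = {}
    cutoff = today - timedelta(days=inactive_days)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["sslvpn_access"].strip().lower() != "yes":
            continue  # the reset step is scoped to accounts with SSL VPN access
        issues = []
        changed = _day(row["password_last_changed"].strip())
        if changed is None or changed < reset_since:
            # Password predates the cutoff, so it was carried over unchanged.
            migrated = row["migrated_from_gen6"].strip().lower() == "yes"
            issues.append("reset-password (migrated)" if migrated else "reset-password")
        last_login = _day(row["last_login"].strip())
        if last_login is None or last_login < cutoff:
            issues.append("remove-if-unused")
        if row["mfa_enabled"].strip().lower() != "yes":
            issues.append("enforce-mfa")
        if issues:
            findings[row["username"]] = issues
    return findings

if __name__ == "__main__":
    report = audit_accounts(SAMPLE_CSV, reset_since=date(2025, 3, 1), today=date(2025, 8, 10))
    for user, issues in report.items():
        print(f"{user}: {', '.join(issues)}")
```

Accounts flagged "reset-password (migrated)" are the ones the advisory singles out; an empty last_login is treated as never used.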
References
For more in-depth information about the recommendations, please visit the following links:
- https://finance.yahoo.com/news/sonicwall-says-recent-attack-wave-104938682.html
- https://thehackernews.com/2025/08/sonicwall-confirms-patched.html
- https://www.securityweek.com/sonicwall-says-recent-attacks-dont-involve-zero-day-vulnerability/
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.