A significant security vulnerability has been identified in the SonicWall Connect Tunnel Windows Client, affecting both 32-bit and 64-bit versions.
This vulnerability, designated as CVE-2025-32817, involves an Improper Link Resolution issue, categorized under CWE-59.
The flaw allows attackers to create a denial-of-service (DoS) condition on affected systems by exploiting the vulnerability to overwrite files unauthorizedly, potentially leading to file corruption.
The vulnerability arises from the client’s inability to properly resolve file links, allowing an attacker to create symbolic links that the service may interpret as legitimate files.
This can lead to unintended file creation, which can disrupt system functionality and cause a persistent DoS condition.
The vulnerability is rated with a CVSS v3 score of 6.1, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, reflecting local attack vector requirements, low attack complexity, and low privileges needed for exploitation.
To exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.
Once this access is obtained, the attacker can create symbolic links that the SonicWall VPN service will mistakenly interpret as legitimate files. This can lead to unauthorized file overwrites, which may result in a DoS condition or file corruption.
The vulnerability was discovered by CrisprXiang and Hao Huang with FDU, through the Trend Micro Zero Day Initiative.
| Risk Factors | Details |
| Affected Products | SonicWall Connect Tunnel Windows Client (32/64-bit) versions ≤12.4.3.283 |
| Impact | Unauthorized file overwrite leading to denial of service (DoS) or file corruption |
| Exploit Prerequisites | Local system access (AV:L), low privileges (PR:L), and user interaction not required (UI:N) |
| CVSS 3.1 Score | 6.1 (Medium) |
SonicWall has issued an update to address this vulnerability. Users are advised to upgrade to version 12.4.3.298 or higher of the Connect Tunnel Windows Client to mitigate the risk.
There are no workarounds available for this issue, making the software update the only effective solution.
The SonicWall Connect Tunnel vulnerability highlights the importance of maintaining up-to-date software to prevent exploitation by malicious actors.
As cybersecurity threats continue to evolve, it is crucial for organizations and individuals to prioritize software updates and security patches to protect against emerging vulnerabilities.
Are you from the SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
The U.S. Department of Justice unsealed federal charges Thursday against Russian national Rustam Rafailevich Gallyamov,…
A comprehensive security research demonstration has revealed how attackers can systematically undermine modern zero-trust security…
A cybersecurity threat has emerged targeting one of the world's largest fast-food chains, as a…
The cybersecurity landscape witnessed a significant milestone this February with the emergence of BypassERWDirectSyscallShellcodeLoader, a…
Cybercriminals are increasingly targeting cryptocurrency users through sophisticated malware campaigns that exploit the trust placed…
Cybersecurity researchers have uncovered a sophisticated new formjacking malware campaign targeting WooCommerce-powered e-commerce websites, representing…