On August 4, 2025, SonicWall issued a critical security advisory regarding active exploitation attempts against its Gen-7 firewalls' SSL-VPN services. Threat actors are leveraging a possible zero-day vulnerability to bypass authentication and deliver ransomware payloads, even on fully patched systems.
SonicWall Advisory: Gen-7 SonicWall Firewalls SSLVPN Recent Threat Activity
This vulnerability is being actively exploited by ransomware operators, including the notorious Akira ransomware group, as detailed by Huntress Labs and covered by TechCrunch. Attackers are targeting SonicWall’s SSL-VPN features to gain initial access, bypass Multi-Factor Authentication (MFA), and move laterally within networks—impacting businesses of all sizes, including small and mid-sized organizations.
What WatchPoint Has Done Immediately
In response, WatchPoint has proactively disabled VPN access on all SonicWall appliances to prevent potential exploitation. We audited configurations across all client networks to ensure:
Are You at Risk? Here's How to Know
If your organization:
You are vulnerable to this exploitation chain—even if MFA is enabled.
➡️ Contact WatchPoint immediately to schedule a Zero-Day Vulnerability Assessment. We will help you verify exposure, implement immediate containment, and advise on secure remote access alternatives.
Recommended Actions for All SonicWall Users
Even if you're not a WatchPoint client, we strongly recommend the following actions:
1. Disable SSL-VPN Services Temporarily
2. Restrict VPN Access by IP Address
3. Audit All User Accounts
NOTE: Some reports suggest that the activity under investigation bypasses MFA even when MFA is enforced.
4. Enable SonicWall Security Services
5. Increase Log Monitoring and Alerts
6. Consult with a Security Partner
Engage a trusted MSP like WatchPoint for ongoing monitoring, incident response readiness, and compliance-driven risk management.
Why This Matters for SMBs
Ransomware actors increasingly target professional services, healthcare, financial institutions, and other SMBs in regulated sectors. A successful exploit could lead to:
📞 Need Help? We're Standing By 319-535-5350
If you’re unsure whether your SonicWall deployment is at risk, or you need immediate help with containment and remediation, contact WatchPoint today.
We provide rapid assessments, mitigation support, and co-managed IT security services designed to protect small and mid-sized businesses from evolving cyber threats.