SonicWall Under Pressure as Security Flaws Resurface

SonicWall is facing renewed attention after multiple security flaws in its products were found actively exploited this year, reports Cyber Scoop. So far in 2025, the company has disclosed 20 vulnerabilities, with four confirmed to be used in real attacks. Many of these issues affect its SMA 100 VPN appliances, making customers vulnerable to data breaches and system takeovers.

Earlier this month, three new flaws were discovered that could be combined to let attackers take full control of a device. While only one has shown signs of being used in real-world attacks so far, experts warn it may not stay that way. The bugs were quickly patched, but the ease of exploitation and public release of attack code make it a growing concern.

SonicWall isn’t the only vendor facing these issues—other major names like Palo Alto Networks, Cisco, and Ivanti have also had flaws exploited. Security researchers say these types of devices are often unprotected and hard to monitor, making them easy targets for attackers once they get inside a network.

One point of criticism is that SonicWall hasn’t signed CISA’s secure-by-design pledge, which asks vendors to build stronger security into their products by default. While SonicWall says it supports the idea and has started taking steps, it hasn’t made a formal commitment yet, unlike many of its competitors.