Dos
sysops

A significant security vulnerability has been identified in the SonicWall Connect Tunnel Windows Client, affecting both 32-bit and 64-bit versions. 

This vulnerability, designated as CVE-2025-32817, involves an Improper Link Resolution issue, categorized under CWE-59. 

The flaw allows attackers to create a denial-of-service (DoS) condition on affected systems by exploiting the vulnerability to overwrite files unauthorizedly, potentially leading to file corruption.

Symbolic Link Vulnerability

The vulnerability arises from the client’s inability to properly resolve file links, allowing an attacker to create symbolic links that the service may interpret as legitimate files. 

This can lead to unintended file creation, which can disrupt system functionality and cause a persistent DoS condition. 

The vulnerability is rated with a CVSS v3 score of 6.1, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, reflecting local attack vector requirements, low attack complexity, and low privileges needed for exploitation.

To exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system. 

Once this access is obtained, the attacker can create symbolic links that the SonicWall VPN service will mistakenly interpret as legitimate files. This can lead to unauthorized file overwrites, which may result in a DoS condition or file corruption.

The vulnerability was discovered by CrisprXiang and Hao Huang with FDU, through the Trend Micro Zero Day Initiative. 

Risk FactorsDetailsAffected ProductsSonicWall Connect Tunnel Windows Client (32/64-bit) versions ≤12.4.3.283ImpactUnauthorized file overwrite leading to denial of service (DoS) or file corruptionExploit PrerequisitesLocal system access (AV:L), low privileges (PR:L), and user interaction not required (UI:N)CVSS 3.1 Score6.1 (Medium)

Affected Products and Versions

Affected Product: SonicWall Connect Tunnel Windows Client (both 32-bit and 64-bit).

Affected Versions: All versions up to 12.4.3.283.

Unaffected Products: Connect Tunnel clients for Linux and Mac are not impacted by this vulnerability.

Fixes Released

SonicWall has issued an update to address this vulnerability. Users are advised to upgrade to version 12.4.3.298 or higher of the Connect Tunnel Windows Client to mitigate the risk. 

There are no workarounds available for this issue, making the software update the only effective solution.

The SonicWall Connect Tunnel vulnerability highlights the importance of maintaining up-to-date software to prevent exploitation by malicious actors. 

As cybersecurity threats continue to evolve, it is crucial for organizations and individuals to prioritize software updates and security patches to protect against emerging vulnerabilities.

Are you from the SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.

Related Posts

Researchers from the University of Florida and North Carolina State University conducted an extensive analysis across seven LTE implementations, including…