FAQ on SonicWall Gen 7 Firewall Ransomware Activity

On August 4, SonicWall issued a threat activity notice following reports of malicious activity by several vendors including Arctic Wolf and Huntress.

According to the researchers, they've observed a notable uptick in targeting of SonicWall Gen 7 firewalls with SSLVPN enabled. Based on their observations, it appears that attackers may be utilizing a possible zero-day vulnerability against these devices. So far, the attacks appear to be centered around deployment of the Akira ransomware.

SonicWall is currently investigating these reports. No patches and no CVE have been assigned as of yet.

For more information about the possible zero-day vulnerability, including the future availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Tenable Vulnerability Management

Vulnerability Watch

Forum Discussion

FAQ on SonicWall Gen 7 Firewall Ransomware Activity

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia