Is Your Security at Risk? The Continuing Saga of SonicWall Firewalls
Overview of the Threat
Many organizations may be facing significant security risks without being aware of them. SonicWall firewalls have had a known vulnerability since 2024, and SonicWall's communication to its end customers about the issue has been minimal.
Although a patch was released, a ransomware group called Akira began a major campaign targeting SonicWall SSL VPN devices in late July 2025. Small businesses have been the primary targets, with ransom demands ranging from $50,000 to $250,000 per company.
The FBI has reported that, as of April 2024, Akira had already collected over $42 million in ransom payments from more than 250 victims.
Recent Incidents and Forensics
Over the past 12 weeks, our team has received an average of two to three calls each week from companies that have been hacked and are seeking assistance. Our forensic analysis consistently traces these incidents back to the known vulnerabilities in SonicWall firewalls.
Attack Methodology
Affiliates of the Akira group initially gain access to the network through the SSLVPN component of SonicWall firewalls. Once inside, they escalate their privileges to an elevated or service account, search for and extract sensitive files from network shares or file servers, and then stop and delete any active backups.
The final stage involves deploying ransomware. In some cases, these attackers spend only a few hours reviewing your files before locking up your computer systems (a process referred to as "bricking"), so the attack can play out in hours rather than days.
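The chain described above can be turned into a correlation check. The sketch below is an added example, not part of the original article or any vendor tooling; it assumes events have already been normalized, and the event types and field names are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed, pre-normalized events. Event types and field names are
# hypothetical, not a SonicWall or Windows log format.
EVENTS = [
    {"ts": "2025-08-01T01:12:00", "type": "sslvpn_login", "user": "jsmith", "vpn_ip": "10.9.0.14"},
    {"ts": "2025-08-01T01:40:00", "type": "privileged_logon", "account": "svc_backup", "src_ip": "10.9.0.14"},
    {"ts": "2025-08-01T02:05:00", "type": "file_share_bulk_read", "account": "svc_backup"},
    {"ts": "2025-08-01T03:30:00", "type": "backup_stopped", "account": "svc_backup"},
    {"ts": "2025-08-01T09:00:00", "type": "sslvpn_login", "user": "mlee", "vpn_ip": "10.9.0.22"},
    {"ts": "2025-08-03T22:00:00", "type": "backup_stopped", "account": "admin_ops"},
]

TAMPER = {"backup_stopped", "backup_deleted"}

def _t(event):
    return datetime.fromisoformat(event["ts"])

def find_chains(events, window_hours=12):
    """Flag SSLVPN login -> privileged logon from the VPN address -> backup tampering."""
    events = sorted(events, key=_t)
    alerts = []
    for login in (e for e in events if e["type"] == "sslvpn_login"):
        deadline = _t(login) + timedelta(hours=window_hours)
        pivots = {}    # privileged account -> first logon time from the VPN address
        exfil = set()  # pivot accounts later seen bulk-reading file shares
        for e in events:
            if not (_t(login) <= _t(e) <= deadline):
                continue
            acct = e.get("account")
            if e["type"] == "privileged_logon" and e["src_ip"] == login["vpn_ip"]:
                pivots.setdefault(acct, _t(e))
            elif e["type"] == "file_share_bulk_read" and acct in pivots:
                exfil.add(acct)
            elif e["type"] in TAMPER and acct in pivots:
                # Events are time-ordered, so the pivot logon came first.
                alerts.append({
                    "vpn_user": login["user"],
                    "account": acct,
                    "bulk_read_seen": acct in exfil,
                    "minutes_from_login": int((_t(e) - _t(login)).total_seconds() // 60),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_chains(EVENTS):
        print(alert)
```

The short window reflects the hours-not-days timeline described above; a backup job stopped by an account with no preceding VPN pivot is left alone.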
Affected Systems and Recommendations
If your organization is using a SonicWall firewall from Generation (or Series) 4 or 5, these devices are now classified as “End-of-Life” and must be replaced. For Generation (or Series) 6 devices, replacement is also recommended rather than continuing to pay for annual support just to receive the necessary patches. If you are using a Generation 7 device, you can download and apply the appropriate security patch.
For organizations using SonicWall Series 7 firewalls, it is essential to rotate passwords on all SonicWall local accounts, remove any unused accounts, and implement MFA/TOTP policies for SonicWall SSLVPN services. Additionally, administrators should update to the latest firmware and reset credentials on any device that previously operated with a vulnerable version.
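The recommendations above, applied to a device inventory. This is an added example, not code from the original article or from SonicWall; the inventory layout, field names and the 90-day idle threshold are assumptions.

```python
from datetime import date

# Triage stated on this page, keyed by hardware generation.
ACTION = {4: "replace (End-of-Life)", 5: "replace (End-of-Life)",
          6: "replace (recommended)", 7: "patch and harden"}

# Constructed inventory; the field names are hypothetical, not a SonicWall export.
DEVICE = {
    "name": "fw-branch-01",
    "generation": 7,
    "patched_on": "2025-08-10",  # day the fixed firmware was installed, or None
    "accounts": [
        {"user": "alice", "password_changed": "2025-08-12", "last_login": "2025-09-01", "totp": True},
        {"user": "bob", "password_changed": "2025-03-02", "last_login": "2025-08-30", "totp": True},
        {"user": "svc_scan", "password_changed": "2025-08-11", "last_login": None, "totp": False},
    ],
}

def audit_device(device, today="2025-09-15", unused_after_days=90):
    """Return (action, findings); findings maps each local user to open items."""
    action = ACTION.get(device["generation"], "unknown generation, verify manually")
    findings = {}
    if device["generation"] != 7:
        return action, findings  # the page gives account steps for Series 7 only
    patched = device["patched_on"] and date.fromisoformat(device["patched_on"])
    if not patched:
        action = "apply firmware update first, then rotate every credential"
    for acct in device["accounts"]:
        items = []
        # A password that predates the fixed firmware was in use on a
        # vulnerable version, so patching alone does not make it safe.
        if not patched or date.fromisoformat(acct["password_changed"]) <= patched:
            items.append("rotate password")
        last = acct["last_login"]
        idle = last is None or (date.fromisoformat(today) - date.fromisoformat(last)).days > unused_after_days
        if idle:
            items.append("remove if unused")
        if not acct["totp"]:
            items.append("enforce MFA/TOTP")
        if items:
            findings[acct["user"]] = items
    return action, findings

if __name__ == "__main__":
    print(audit_device(DEVICE))
```

An account that comes back clean here still falls under the blanket advice to rotate all local passwords; the check only highlights the ones where skipping rotation is most dangerous.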
If your organization is not using a SonicWall Series 7 firewall and you have security concerns or wish to discuss available options, our team is available to assist. We are proud to be a partner and member of Print United.
Frequently Asked Questions: SonicWall Firewall Security Risks
What are the recent SonicWall firewall vulnerabilities?
Recent SonicWall vulnerabilities typically involve unauthorized access, remote code execution, or VPN exploitation.
- Can allow attackers to bypass authentication
- May expose sensitive network data
- Often target unpatched or outdated systems
How do SonicWall vulnerabilities impact businesses?
Firewall vulnerabilities can create direct entry points into your network.
- Unauthorized access to internal systems
- Data breaches and ransomware exposure
- Operational disruption and downtime
For many SMBs, the firewall is the first line of defense—if it fails, everything behind it is exposed.
How can I tell if my SonicWall firewall is at risk?
Risk is usually tied to configuration, patching, and monitoring practices.
- Running outdated firmware
- Unpatched known vulnerabilities
- Unusual login or traffic activity
- Lack of regular security audits
In real-world environments, most risks come from delayed updates or misconfiguration.
What should I do if my firewall is vulnerable?
Immediate action is critical to reduce exposure.
- Apply the latest firmware updates and patches
- Review and tighten firewall rules and access controls
- Disable unused services (especially VPN endpoints)
- Conduct a security audit or vulnerability scan
Are SonicWall firewalls still secure to use?
Yes—but only when properly maintained.
- Regular updates are essential
- Security depends on configuration and monitoring
- Ongoing management is required to stay protected
The issue is rarely the platform itself—it’s how consistently it’s maintained.
What are common mistakes companies make with firewall security?
In most deployments, security gaps come from process issues rather than technology limitations.
- Delaying firmware updates
- Using default or weak configurations
- Not monitoring logs or alerts
- Treating firewalls as “set it and forget it”
How often should firewall security be reviewed?
Firewall security should be an ongoing process.
- Continuous monitoring for threats
- Monthly or quarterly configuration reviews
- Immediate patching when vulnerabilities are announced
Organizations that treat security as continuous—not periodic—reduce risk significantly.
Do small and mid-sized businesses need advanced firewall security?
Yes. SMBs are often targeted because they are easier to exploit.
- Limited internal IT resources
- Less frequent patching and monitoring
- Increasing reliance on remote access and VPNs
Strong firewall security is no longer optional—it is foundational.
Request a Complimentary Cybersecurity Review
Firewall vulnerabilities are rarely just a firewall problem. They often expose broader gaps in patching, remote access, email security, backups, and recovery readiness.
That is why a practical cybersecurity review should look beyond a single device.
It should assess how your network, endpoints, and email systems work together, where risk is concentrated, and what steps will most effectively reduce exposure.
At Clients First, our complimentary cybersecurity review is designed to help you do exactly that.
We evaluate your environment and provide clear, prioritized recommendations to strengthen protection, improve resilience, and support your ability to back up and restore data in the event of an unexpected incident.
Whether you choose to work with your local IT partner or with our team, the goal is the same: give you a clearer view of your current risk and the next steps to improve security.
If you want to understand where your environment may be vulnerable, contact our team to schedule a complimentary cybersecurity review.