Security experts are sounding the alarm on an actively exploited flaw in SonicWall systems. Discovered in early January 2025, the bug has been fixed, but some users have still not applied the patch.
Cybercriminals are exploiting this vulnerability in SonicWall firewalls to access target endpoints and manipulate VPN connections, as disclosed by cybersecurity researchers at Arctic Wolf. The flaw, an Improper Authentication bug in the SSLVPN authentication mechanism, is tracked as CVE-2024-53704 and carries a critical severity rating of 9.8/10. It affects SonicOS versions 7.1.x up to 7.1.1-7058, 7.1.2-7019, and 8.0.0-8035. SonicWall has released updates that address the issue in SonicOS 8.0.0-8037 and later, along with others.
Immediately following the fix, security firm Bishop Fox shared a Proof-of-Concept exploit, serving as a warning to the security community and potential attackers. This disclosure enabled cybercriminals to exploit the flaw, and Arctic Wolf observed exploitation attempts soon after. The exploit allows attackers to gain access to the session, potentially compromising sensitive information like Virtual Office bookmarks and VPN settings.
Although a patch has been available for over a month, numerous vulnerable endpoints remain unpatched. Users are strongly advised to apply the necessary updates to protect against these ongoing threats. Reported by The Register.