SonicWall faces renewed pressure to adopt secure-by-design principles

SonicWall is under growing scrutiny for not formally committing to the Cybersecurity and Infrastructure Security Agency's secure-by-design pledge, even as its products continue to face exploitation by cybercriminals, according to CyberScoop.
The California-based network security vendor has disclosed 20 vulnerabilities so far in 2025, with four already confirmed as being actively exploited. These include critical flaws in SonicWall's Secure Mobile Access 100 appliances and its firewall operating system, SonicOS. At least eight SonicWall vulnerabilities have been tied to ransomware operations since 2021. Three new software defects disclosed this month, identified as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821, may also be under active attack. While SonicWall collaborated quickly with security firm Rapid7 to patch them, researchers warned these vulnerabilities could be chained together to achieve root-level remote code execution. Despite affirming that its newer products align with secure-by-design principles, SonicWall remains one of the few major vendors that has yet to formally endorse the pledge. Over 300 others, including Fortinet, Cisco, and Ivanti, have signed. SonicWall stated it supports the pledge and has begun internal processes to join, but has not clarified its timeline.