A significant security flaw has been identified in the SonicWall Connect Tunnel Windows Client, affecting both 32-bit and 64-bit versions up to 12.4.3.283. This vulnerability, designated as CVE-2025-32817, involves improper link resolution, categorized under CWE-59. Exploitation of this flaw allows attackers to create symbolic links that the service may interpret as legitimate files, leading to unauthorized file overwrites. Such actions can result in file corruption and a persistent denial-of-service (DoS) condition on affected systems.
Technical Details:
The vulnerability arises from the client’s failure to properly resolve file links. An attacker with low-privileged access can create symbolic links that the SonicWall VPN service misinterprets, leading to unintended file creation or modification. This can disrupt system functionality and cause a persistent DoS condition. The vulnerability has been assigned a CVSS v3 score of 6.1, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, reflecting local attack vector requirements, low attack complexity, and low privileges needed for exploitation.
Exploitation Process:
To exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system. Once this access is obtained, the attacker can create symbolic links that the SonicWall VPN service will mistakenly interpret as legitimate files. This can lead to unauthorized file overwrites, resulting in a DoS condition or file corruption.
Affected Products and Versions:
– Affected Product: SonicWall Connect Tunnel Windows Client (both 32-bit and 64-bit).
– Affected Versions: All versions up to 12.4.3.283.
– Unaffected Products: Connect Tunnel clients for Linux and Mac are not impacted by this vulnerability.
Mitigation and Recommendations:
SonicWall has released an update to address this vulnerability. Users are strongly advised to upgrade to version 12.4.3.298 or higher of the Connect Tunnel Windows Client to mitigate the risk. There are no workarounds available for this issue, making the software update the only effective solution.
Conclusion:
The discovery of CVE-2025-32817 underscores the critical importance of maintaining up-to-date software to prevent exploitation by malicious actors. As cybersecurity threats continue to evolve, organizations and individuals must prioritize software updates and security patches to protect against emerging vulnerabilities.
