SonicWall Patches Three Zero-Day Vulnerabilities

Categories: ,

Posted on

By

SonicWall Patches Three Zero-Day Vulnerabilities

SonicWall has tested and published patches to mitigate three zero-day vulnerabilities in its email security products this week. Hackers are actively exploiting these vulnerabilities in the wild, and customers should patch them immediately.

Affected Products

The vulnerabilities affected the following versions of SonicWall’s email security and hosted email security products:

  • 10.0.1
  • 10.0.2
  • 10.0.3
  • 10.0.4-Present
The Addressed Vulnerabilities

The patches released by SonicWall mitigate three CVEs, listed below:

More details from SonicWall can be found in its company advisory as well as in FireEye’s detail of how the exploits were being used. Here are links to both:

Remediations

SonicWall has patched its hosted email security product automatically, but customers will need to upgrade in-house email security products on their own, using the following versions:

  • (Windows) Email Security 10.0.9.6173
  • (Hardware & ESXi Virtual Appliance) Email Security 10.0.9.6173

SonicWall also provides detailed instructions for upgrading in this advisory article: https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/

 

More From Raxis

  • Choosing a Penetration Testing Company: Part 2

    Choosing a Penetration Testing Company: Part 2

    By Brad Herring • July 1, 2025
  • Cisco Releases Patch for CVE-2025-20188 - 10.0 CVSS

    Cisco Releases Patch for CVE-2025-20188 – 10.0 CVSS

    By Scottie Cole • May 8, 2025
  • Choosing a Penetration Testing Company: Part 1

    Choosing a Penetration Testing Company: Part 1

    By Cole Stafford • April 22, 2025
  • Understanding PTaaS: Penetration Testing as a Service

    Understanding PTaaS: Penetration Testing as a Service

    By Bonnie Smyre • March 5, 2025