Serial number: AV25-603
Date: September 18, 2025
Update: October 9, 2025
On September 17, 2025, SonicWall published a security incident report describing suspicious activity targeting their cloud backup service for firewalls. Customer firewall preference files stored in the cloud were accessed by threat actors. These files contain information that could make the exploitation of customer firewalls significantly easier.
The vendor is not aware of these files being leaked online by threat actors.
Affected products:
- SonicWall Firewalls with preference files backed up in MySonicWall.com
Update 1
On October 8, 2025, SonicWall confirmed that an unauthorized party accessed firewall configuration backup files for all customers using SonicWall’s cloud backup service.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary mitigations.