
Updated Advisory: SonicWall Firewalls – SSLVPN Threat Activity

 

 


Logically has been actively collaborating with SonicWall, maintaining ongoing communication to investigate reports of increased threat activity against SSLVPN services. 

As of SonicWall’s latest update (August 6, 2025), the vendor has confirmed with high confidence that the observed threat activity is not the result of a new or unknown zero-day but is strongly associated with a previously disclosed vulnerability: CVE-2024-40766, detailed in SonicWall’s advisory SNWLID-2024-0015. This confirmation aligns with our internal assessments and telemetry across customer environments. 

Key Findings 

SonicWall’s investigation indicates that the surge in threat activity is primarily tied to configurations where local user passwords have not been changed since the original advisory (Oct. 2024), even though changing them was a critical step outlined in that advisory.

Reputable security researchers, including Arctic Wolf, Google Mandiant, and Huntress, have contributed to SonicWall’s analysis of this threat. 

The current threat activity is tied to the active use of previously compromised credentials, originally obtained via CVE-2024-40766, and now being leveraged in the wild by the Akira ransomware group. 

Updated Recommendations 

Logically recognizes the vital role SSLVPN plays in enabling remote access for many organizations; however, it is also one of the most abused attack surfaces in the current threat landscape. We encourage our partners to evaluate the business need for SSLVPN. If it is deemed non-critical to operations or is infrequently used, we recommend disabling it immediately to reduce potential risks and attack surface. Additionally, Logically is prepared to discuss more secure, modernized remote access methodologies tailored to your needs. Please reach out to our team for guidance.

For reference: 

SonicWall Advisory SNWLID-2024-0015 – CVE-2024-40766 

SonicWall Security Notice – SSLVPN Recent Threat Activity 

Ongoing Monitoring 

Logically’s team is actively monitoring this situation and will provide updates as new information or actions become available. For any questions or concerns regarding SonicWall, SSLVPN, remote access, or your overall security posture, please contact the Logically Support Team online or call 866.946.9638 and select Option 1 to be routed to your Care Team. 

Additional Insights 

As mentioned, SSLVPN is a significant vulnerability exploited by threat actors, affecting not only SonicWall but all firewall manufacturers. If you use SSLVPN on any firewall, Logically strongly advises reviewing your configuration, updating passwords, restricting VPN access to trusted sources, and disabling SSLVPN if it’s not required.