Detections
Analytics
SonicWall Connect Tunnel Windows Client Improper Link Resolution (SNWLID-2025-0007)
medium Nessus Plugin ID 235657
Synopsis
The remote host is affected by an improper link resolution vulnerability.Description
According to its self-reported version, the installed SonicWall Connect Tunnel client is vulnerable to an improper link resolution vulnerability:- A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption.
(CVE-2025-32817)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to SonicWall Connect Tunnel Client version 12.4.3.298 or later.See Also
Plugin Details
Severity: Medium
ID: 235657
File Name: sonicwall_connect_tunnel_SNWLID-2025-0007.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 5/9/2025
Updated: 5/9/2025
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.0
CVSS v2
Risk Factor: Medium
Base Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:C
CVSS Score Source: CVE-2025-32817
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Vulnerability Information
CPE: x-cpe:/a:sonicwall:connect_tunnel
Required KB Items: installed_sw/Sonicwall Connect Tunnel
Patch Publication Date: 4/16/2025
Vulnerability Publication Date: 4/16/2025
Reference Information
CVE: CVE-2025-32817
IAVA: 2025-A-0319