SonicWall Connect Tunnel Windows Client Improper Link Resolution (SNWLID-2025-0007)

medium Nessus Plugin ID 235657

Synopsis

The remote host is affected by an improper link resolution vulnerability.

Description

According to its self-reported version, the installed SonicWall Connect Tunnel client is vulnerable to an improper link resolution vulnerability:

- A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption.
(CVE-2025-32817)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to SonicWall Connect Tunnel Client version 12.4.3.298 or later.

See Also

http://www.nessus.org/u?c43d9042

Plugin Details

Severity: Medium

ID: 235657

File Name: sonicwall_connect_tunnel_SNWLID-2025-0007.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 5/9/2025

Updated: 5/9/2025

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: Medium

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:C

CVSS Score Source: CVE-2025-32817

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Vulnerability Information

CPE: x-cpe:/a:sonicwall:connect_tunnel

Required KB Items: installed_sw/Sonicwall Connect Tunnel

Patch Publication Date: 4/16/2025

Vulnerability Publication Date: 4/16/2025

Reference Information

CVE: CVE-2025-32817

IAVA: 2025-A-0319