
Let’s skip the latest noise from Wall Street for a minute. Forget the tariffs. Forget the news drama. Did you catch what CISA just dropped into the “Known Exploited Vulnerabilities” catalog?
No? You should have. Because this one’s not theoretical. This is real. And it’s targeting your firewalls.
SonicWall’s NetExtender Has Some Problems…
It’s not just a bug. It’s three vulnerabilities—CVE-2025-23008, -23009, and -23010—that allow attackers to escalate privileges, delete files, and mess with system paths on Windows machines.
In plain English? If an attacker phishes one of your users and lands on a machine with NetExtender installed, they can escalate to admin rights.
Welcome to owning the box.
And It Gets Worse…
SonicWall also patched a critical auth bypass in SonicOS itself—CVE-2024-53704. The SSL VPN component can be exploited to bypass authentication entirely. That’s right: they don’t even need credentials.
CISA added it to the KEV list. Bishop Fox released a proof-of-concept. Arctic Wolf says it’s already being used in the wild.
Meanwhile, Fortinet is catching heat for the same thing. Ransomware gangs are jumping all over an auth bypass flaw there, too.
The Common Theme? Firewalls Are Not Bulletproof.
That little box with the blinky lights? It might be the entry point.
We just helped an MSP deal with an incident where the firewall was the way in. They restored from backup and thought they were clear… until the hackers called.
“We still have your data. Pay the ransom, or we notify all your clients.”
So now they’re in breach notification mode. The lawyers are circling. And yes—lawsuits are likely.
What Could They Have Done Differently?
Patched? Sure. That’s the easy answer. But the real answer? Evidence. Layers. Documentation.
They needed to show they were auditing their stack—regularly and with evidence. That their security program wasn’t built like a house of cards, waiting for the next exploit to blow it over. That their controls were based on real, standards-driven frameworks—not just a vendor’s glossy brochure. They needed to prove they had defense in depth, not just a collection of tools. And most importantly, they needed to prove they weren’t negligent—because when it all hits the fan, that’s what determines whether you’re a survivor or a scapegoat.
When a vulnerability in your vendor’s product gets exploited, you and your client have to prove you weren’t asleep at the wheel.
And guess what? The burden’s on you.
What Should You Do Next?
Start by getting a third-party Level 3 Pen Test done for every single client—every quarter. No exceptions.
These aren’t scans run to tick a regulatory checkbox. They’re not some automated PDF generator you use to impress prospects. These are real-deal, hands-on, simulated attacks designed to show you how a hacker would get in—before they actually do.
Because here’s the thing:
You will get the call one day. The client with the “fully patched” environment. The one who thinks the blinky firewall box is doing all the heavy lifting. They’ll call you in a panic because the backups are compromised and the hackers are naming their price.
Now what?
Do you gamble with ransom negotiations? Do you trust that criminals will actually delete the data after payment? Do you think your client’s legal team is going to cover for you—or come looking for someone to blame?
Better Yet—Build for the Breach
Get proactive. Build a security program that’s ready before things go sideways. Make sure you’re collecting the evidence you need. That your layers of defense are mapped to standards. That your documentation doesn’t just exist, but actually protects you when it matters most.
And most importantly—that you can prove it.
Need Help Getting There?
Book a Cyber Liability Assessment with us. We’ll sit down with you and go through your client base. We’ll walk your stack, inspect your controls, and ask the hard questions.
We’ll show you what to fix, how to document it, and how to build the kind of security posture that holds up in front of lawyers, auditors, regulators—and yes, your clients.
Because let’s face it:
Firewalls fail.
Vendors get breached.
And you’re the one who’ll be explaining it all.
Don’t wait for the “incident response” moment to find out what you should have done.
Let’s get ahead of it.