Response to CISA Security Advisory Related to a Third-party Vulnerability Allowing the Targeting of Major Hypervisor Vendors

By Eric Hammersley, Nutanix VP, Engineering & Chief Product Security Officer

Nutanix is issuing a clarification regarding the update to a joint security advisory published by CISA on November 13, 2025, which mentions the Nutanix AHV hypervisor and a separate, known vulnerability in a third-party technology, SonicWall Firewall, in the same update.

This CISA update reported that a threat actor known as Akira, “[....] had encrypted Nutanix AHV VM disk files for the first time, expanding [Akira’s] capabilities beyond VMware ESXi and Hyper-V by abusing [....] (CVE)-2024-40766, a SonicWall vulnerability.”

Nutanix recognizes that the CISA update could lead to the incorrect assumption that a vulnerability in the Nutanix AHV hypervisor led to the incident described. CVE-2024-40766 is a vulnerability in the SonicWall Firewall product and is not a Nutanix AHV CVE. Based on publicly available information, SonicWall first published its own security advisory about this CVE in August 2024, including updates about patch releases that were subsequently made available to address this CVE. As a courtesy, we are providing a publicly available link to the SonicWall website referring to CVE-2024-40766 here: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

Nutanix was not aware of this incident or any specifics related to this threat actor’s targeting of customers using certain hypervisor vendors until this report by CISA on November 13, 2025. For this reason, we cannot validate the statements made by CISA about the encryption of Nutanix AHV VM disk files, and Nutanix does not have any information about the version or use of the hypervisor VM that was reported as impacted.

Out of an abundance of caution, we are actively working to fully understand the circumstances of the incident as described in the joint security advisory, and we will cooperate with CISA or any other authority as needed.

As always, we recommend that our customers undertake industry-standard security practices that include staying proactive with threat intelligence monitoring, using standard tools and scans to detect and remediate security vulnerabilities, and staying up to date with the most recent patch updates and any new releases for Nutanix products.