CVE-2025-40604_CVE-2025-40604

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Basic Information

ID CVE-2025-40604

Source sonicwall

Published Nov 20, 2025 at 12:17

Modified Nov 20, 2025 at 18:29

Affected Product

Vendor SonicWall

Product Email Security

Version 10.0.33.8195 and earlier versions

Affected Versions SonicWall Email Security 10.0.33.8195 and earlier versions

CWE Classification

CWE-494

References

psirt.global.sonicwall.com /vuln-detail/SNWLID-2025-0018

{
    "lastseen": "",
    "description": "Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.",
    "published": "2025-11-20T12:17:14.138Z",
    "modified": "2025-11-20T18:29:00.547Z",
    "type": "cve",
    "title": "CVE-2025-40604",
    "source": "sonicwall",
    "references": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018",
    "id": "CVE-2025-40604",
    "bulletinFamily": "",
    "cwe": [
        "CWE-494"
    ],
    "cvelist": null,
    "sourceData": "SonicWall Email Security 10.0.33.8195 and earlier versions",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Email Security",
    "version": "10.0.33.8195 and earlier versions",
    "vendor": "SonicWall",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}