CVE-2025-40604

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5050:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7050:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_9000:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-11-20 15:17

Updated : 2025-12-12 15:44

NVD link : CVE-2025-40604

Mitre link : CVE-2025-40604

CVE.ORG link : CVE-2025-40604

JSON object : View

Products Affected

sonicwall

email_security_appliance_7050
email_security_appliance_5000_firmware
email_security_appliance_9000_firmware
email_security_appliance_7000_firmware
email_security_appliance_9000
email_security_appliance_7000
email_security_appliance_5000
email_security_appliance_5050_firmware
email_security_appliance_5050
email_security_appliance_7050_firmware

CWE

CWE-494

Download of Code Without Integrity Check

{"id": "CVE-2025-40604", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-11-20T15:17:28.750", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018", "tags": ["Vendor Advisory"], "source": "PSIRT@sonicwall.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "PSIRT@sonicwall.com", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution."}], "lastModified": "2025-12-12T15:44:04.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A1B8BFC-9721-491D-B803-1571D0702596", "versionEndIncluding": "10.0.33.8195"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:email_security_appliance_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA9126B7-5C64-4692-954C-6EF71261862C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E47DFE3-0731-4E63-99B4-14EBE778BB92", "versionEndIncluding": "10.0.33.8195"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:email_security_appliance_5050:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "271F06DD-8DAA-46EF-A803-659EA253CC63"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24C2A297-95A8-48ED-BACC-81E8B7E85681", "versionEndIncluding": "10.0.33.8195"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:email_security_appliance_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A114E829-5FC6-4321-8D28-C63EC09F9099"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CD71CC1-27B3-4782-85A7-6D6F17C20A5E", "versionEndIncluding": "10.0.33.8195"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:email_security_appliance_7050:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "443B635B-6B08-479B-A635-26724B192BF0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C95DDA2E-E2DC-4F98-9901-0A10E7D0A168", "versionEndIncluding": "10.0.33.8195"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:email_security_appliance_9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2434930-79AB-4AA9-AAC8-B116F3CD5CC0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@sonicwall.com"}