CVE-2025-40604
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-20

Last updated on: 2025-12-12

Assigner: SonicWALL, Inc.

Description
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-20
Last Modified
2025-12-12
Generated
2026-06-16
AI Q&A
2025-11-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40604
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
sonicwall email_security_appliance_5000_firmware to 10.0.33.8195 (inc)
sonicwall email_security_appliance_5000 *
sonicwall email_security_appliance_5050_firmware to 10.0.33.8195 (inc)
sonicwall email_security_appliance_5050 *
sonicwall email_security_appliance_7000_firmware to 10.0.33.8195 (inc)
sonicwall email_security_appliance_7000 *
sonicwall email_security_appliance_7050_firmware to 10.0.33.8195 (inc)
sonicwall email_security_appliance_7050 *
sonicwall email_security_appliance_9000_firmware to 10.0.33.8195 (inc)
sonicwall email_security_appliance_9000 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-494 The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the SonicWall Email Security appliance loading root filesystem images without verifying their signatures. This lack of integrity check allows attackers who have access to VMDK or datastore to modify system files, which can lead to persistent arbitrary code execution on the device.

Impact Analysis

An attacker exploiting this vulnerability can gain persistent arbitrary code execution on the SonicWall Email Security appliance by modifying system files. This could lead to unauthorized control over the device, potentially compromising email security and the overall network environment.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40604. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart