Vulnerability Details CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.7%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-40604
-
cpe:2.3:h:sonicwall:email_security_appliance_5000:-
-
cpe:2.3:h:sonicwall:email_security_appliance_5050:-
-
cpe:2.3:h:sonicwall:email_security_appliance_7000:-
-
cpe:2.3:h:sonicwall:email_security_appliance_7050:-
-
cpe:2.3:h:sonicwall:email_security_appliance_9000:-
-
cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:10.0.9.6177
-
cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:10.0.9.6177
-
cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:10.0.9.6177
-
cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:10.0.9.6177
-
cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:10.0.9.6177