Vulnerability Details CVE-2025-40605
A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.0%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2025-40605
-
cpe:2.3:h:sonicwall:email_security_appliance_5000:-
-
cpe:2.3:h:sonicwall:email_security_appliance_5050:-
-
cpe:2.3:h:sonicwall:email_security_appliance_7000:-
-
cpe:2.3:h:sonicwall:email_security_appliance_7050:-
-
cpe:2.3:h:sonicwall:email_security_appliance_9000:-
-
cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:10.0.9.6177
-
cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:10.0.9.6177
-
cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:10.0.9.6177
-
cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:10.0.9.6177
-
cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:10.0.9.6105
-
cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:10.0.9.6177