Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Feb 26, 2026
CVE-2025-40604
CVE-2025-40604
Description
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 10.0.33.8195 and earlier versions
Patches
Vulnerability mechanics
References
1- psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018mitrevendor-advisory
News mentions
0No linked articles in our index yet.