Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Feb 26, 2026

CVE-2025-40604

Description

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Affected products

SonicWall/Email Securityllm-fuzzy
SonicWall/Email Securityv5
Range: 10.0.33.8195 and earlier versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000