VYPR
Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Feb 26, 2026

CVE-2025-40604

CVE-2025-40604

Description

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Affected products

2
  • SonicWall/Email Securityllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 10.0.33.8195 and earlier versions

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.