CVE-2025-40604

Critical CVSS: 9.8

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Vendor

Sonicwall

Product

Email Security Appliance 5000 Firmware

CWE

CWE-494

Yayın Tarihi

2025-11-20 15:17:28

Güncelleme

2025-12-12 15:44:04

Source Identifier

PSIRT@sonicwall.com

KEV Date Added

Kategoriler

CWE-494 Email Security Appliance 5000 Firmware CRITICAL Sonicwall 2025

Referanslar

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018

Benzer Kayıtlar

Medium

CVE-2026-3439

A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker…

Medium

CVE-2026-0400

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

Medium

CVE-2026-0401

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

Medium

CVE-2026-0402

A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

Medium

CVE-2026-0399

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to impr…

Medium

CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance manageme…