๐Ÿ” CVE Alert

CVE-2025-40604

Severity MEDIUM
CVSS Score 6.5
EPSS Score 0.0%
EPSS Percentile 0th

A Download of Code Without Integrity Check vulnerability exists in the SonicWall Email Security appliance: it loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

CWE CWE-494
Vendor sonicwall
Product email security
Published Nov 20, 2025
Last Updated Feb 26, 2026

Affected Versions

SonicWall / Email Security
10.0.33.8195 and earlier versions

References

NVD, CVE.org, EPSS Data
psirt.global.sonicwall.com: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018

Credits

Brian Mariani of DigitalCanion SA - www.digitalcanion.com