CVE-2025-40604 in Email Securityالمعلومات

الملخص

بحسب MITRE • 20/11/2025

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Sonicwall

حجز

16/04/2025

إفشاء

20/11/2025

الاعتدال

تمت الموافقة

إدخال

VDB-333046

CPE

جاهز

CWE

CWE-494 (مؤكد)

CVSS

9.8 (NVD)

EPSS

0.00025

KEV

لا

النشاطات

منخفض جدًا

القطاع

Finance, Hostingprovider, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-40604
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-40604
CVE Details	https://www.cvedetails.com/cve/CVE-2025-40604/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!