CVE-2025-40604 in Email Securityinformación

Resumen

por MITRE • 2025-11-20

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Sonicwall

Reservar

2025-04-16

Divulgación

2025-11-20

Moderación

aceptado

Artículo

VDB-333046

CPE

listo

CWE

CWE-494 (confirmado)

CVSS

9.8 (NVD)

EPSS

0.00025

KEV

Actividades

muy bajo

Sector

Hostingprovider, Hospital, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-40604
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-40604
CVE Details	https://www.cvedetails.com/cve/CVE-2025-40604/

◂ Anterior Visión De Conjunto Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!