Description

The SonicWall Email Security appliance has a Download of Code Without Integrity Check vulnerability: it loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-20 | Updated 2025-11-21 | Assigner sonicwall

Problem types

CWE-494 Download of Code Without Integrity Check

Product status

Default status: unknown

10.0.33.8195 and earlier versions: affected

Credits

Brian Mariani of DigitalCanion SA (www.digitalcanion.com), finder

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018 (vendor-advisory)

cve.org (CVE-2025-40604)

nvd.nist.gov (CVE-2025-40604)