CVE-2025-40605 | THREATINT

Description

A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-20 | Updated 2025-11-20 | Assigner sonicwall

Problem types

CWE-23 Relative Path Traversal

Product status

Default status

unknown

10.0.33.8195 and earlier versions

affected

Credits

Brian Mariani of DigitalCanion SA - www.digitalcanion.com finder

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018 vendor-advisory

cve.org (CVE-2025-40605)

nvd.nist.gov (CVE-2025-40605)

Download JSON