CVE-2025-40604 · CRITICAL 9.8 · EPSS p6.1%

Description

A Download of Code Without Integrity Check vulnerability in the SonicWall Email Security appliance: the appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.17% probability of exploitation · percentile 6.1% · 2026-06-18T12:00:27Z
Published: 2025-11-20
Last modified: 2025-12-12

Underlying weaknesses · 1

CWE-494

References

  1. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018

Type | Target | Confidence | Tier
Weakness | Download of Code Without Integrity Check (cwe-494) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: SonicWall SonicOS Improper Access Control Vulnerability
  2. CVE: CVE-2025-40600
  3. CVE: SonicWall Email Security Unrestricted Upload of File Vulnerability
  4. CVE: SonicWall Email Security Path Traversal Vulnerability
  5. CVE: CVE-2026-0204
  6. CVE: SonicWall SonicOS SSLVPN Improper Authentication Vulnerability

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.