PT-2025-47567 · Sonicwall · Sonicwall Email Security

Brian Mariani

Publicado

2025-11-19

Atualizado

2025-12-29

CVE-2025-40604

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SonicWall Email Security Appliance (affected versions not specified)

Description The SonicWall Email Security appliance downloads root filesystem images without verifying signatures. This allows attackers with VMDK or datastore access to modify system files and potentially gain persistent arbitrary code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-494

Identificadores relacionados

BDU:2025-14679

CVE-2025-40604

Produtos afetados

Sonicwall Email Security

PT-2025-47567 · Sonicwall · Sonicwall Email Security

CVE-2025-40604

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11