ГлавнаяУязвимости → CVE-2025-40604
9.8критическая

CVE-2025-40604

Описание

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Затрагиваемое ПО
Sonicwall Email security appliance 5000 firmwareSonicwall Email security appliance 5000Sonicwall Email security appliance 5050 firmwareSonicwall Email security appliance 5050Sonicwall Email security appliance 7000 firmwareSonicwall Email security appliance 7000Sonicwall Email security appliance 7050 firmwareSonicwall Email security appliance 7050Sonicwall Email security appliance 9000 firmwareSonicwall Email security appliance 9000
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018