9.8
CVE-2025-40604
- EPSS 0.03%
- Veröffentlicht 20.11.2025 12:17:14
- Zuletzt bearbeitet 12.12.2025 15:44:04
- Quelle PSIRT@sonicwall.com
- CVE-Watchlists
- Unerledigt
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sonicwall ≫ Email Security Appliance 5000 Firmware Version <= 10.0.33.8195
Sonicwall ≫ Email Security Appliance 5050 Firmware Version <= 10.0.33.8195
Sonicwall ≫ Email Security Appliance 7000 Firmware Version <= 10.0.33.8195
Sonicwall ≫ Email Security Appliance 7050 Firmware Version <= 10.0.33.8195
Sonicwall ≫ Email Security Appliance 9000 Firmware Version <= 10.0.33.8195
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.068 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-494 Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.