5.3
CVE-2025-40605
- EPSS 0.05%
- Published 20.11.2025 12:19:17
- Last modified 12.12.2025 15:43:42
- Source PSIRT@sonicwall.com
A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may allow access to files and directories outside the intended restricted path.
Linked by AI from unstructured data to existing NVD CPEs
Data provided by the National Vulnerability Database (NVD)
Sonicwall ≫ Email Security Appliance 5000 Firmware Version <= 10.0.33.8195
Sonicwall ≫ Email Security Appliance 5050 Firmware Version <= 10.0.33.8195
Sonicwall ≫ Email Security Appliance 7000 Firmware Version <= 10.0.33.8195
Sonicwall ≫ Email Security Appliance 7050 Firmware Version <= 10.0.33.8195
Sonicwall ≫ Email Security Appliance 9000 Firmware Version <= 10.0.33.8195
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.143 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CWE-23 Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.