CRITICAL🇵🇱 Wersja polska

CVE-2025-40604

CVSS 9.8v3.1pub. 2025-11-20upd. 2025-12-12

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

🤖 AI Analysis
How it works

The SonicWall Email Security device loads root filesystem images during updates or startup without verifying their integrity or signature authenticity. An attacker with access to a VMDK file or datastore of the virtualized environment can substitute or modify these images. Once the manipulated image is loaded, malicious code is executed with system privileges, providing the attacker with persistent and arbitrary code execution on the device.

Impact

An attacker can obtain persistent, full control over the device through arbitrary code execution at the operating system level, which means complete violation of confidentiality, integrity, and availability of processed email and infrastructure.

Mitigation & patch

Apply patches available from the vendor according to the references (https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018). Additionally, restrict access to VMDK files and datastores of the virtualized environment exclusively to trusted, authorized administrators and systems.

Who is affected

SonicWall Email Security Appliance 5000, SonicWall Email Security Appliance 5000 Firmware, SonicWall Email Security Appliance 5050 Firmware, SonicWall Email Security Appliance 7000, SonicWall Email Security Appliance 9000 — exact firmware versions indicated in vendor references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Email Security Appliance 5000

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 5000 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
  • Sonicwall Email Security Appliance 5050

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 5050 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
  • Sonicwall Email Security Appliance 7000

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 7000 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
  • Sonicwall Email Security Appliance 7050

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 7050 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
  • Sonicwall Email Security Appliance 9000

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 9000 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2021-20021CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrativ...

CVE-2021-20022HIGH7.2⚠ KEVten sam produkt

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker t...

CVE-2021-20023MEDIUM4.9⚠ KEVten sam produkt

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker t...

CVE-2025-40605MEDIUM5.3ten sam produkt

A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manip...

CVE-2025-23006CRITICAL9.8⚠ KEVPL ✓ten sam vendor

SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE