MEDIUM🇵🇱 Wersja polska

CVE-2025-40605

CVSS 5.3v3.1pub. 2025-11-20upd. 2025-12-12

A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Sonicwall Email Security Appliance 5000

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 5000 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
  • Sonicwall Email Security Appliance 5050

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 5050 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
  • Sonicwall Email Security Appliance 7000

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 7000 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
  • Sonicwall Email Security Appliance 7050

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 7050 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
  • Sonicwall Email Security Appliance 9000

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 9000 Firmware

    OS
    Sonicwall
    ≤ 10.0.33.8195
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2021-20021CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrativ...

CVE-2025-40604CRITICAL9.8PL ✓ten sam produkt

SonicWall Email Security – ładowanie obrazów bez weryfikacji podpisu (RCE)

CVE-2021-20022HIGH7.2⚠ KEVten sam produkt

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker t...

CVE-2021-20023MEDIUM4.9⚠ KEVten sam produkt

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker t...

CVE-2025-23006CRITICAL9.8⚠ KEVPL ✓ten sam vendor

SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE