CVE-2025-40604 — CRITICAL (9.8)

Q: How severe is CVE-2025-40604?

CVE-2025-40604 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-40604?

Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Email Security Appliance 5000 Firmware, Sonicwall Email Security Appliance 5000, Sonicwall Email Security Appliance 5050 Firmware, Sonicwall Email Security Appliance 5050, Sonicwall Email Security Appliance 7000 Firmware.

Vulnerability Description

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sonicwall	Email Security Appliance 5000 Firmware	<= 10.0.33.8195
Sonicwall	Email Security Appliance 5000	-
Sonicwall	Email Security Appliance 5050 Firmware	<= 10.0.33.8195
Sonicwall	Email Security Appliance 5050	-
Sonicwall	Email Security Appliance 7000 Firmware	<= 10.0.33.8195
Sonicwall	Email Security Appliance 7000	-
Sonicwall	Email Security Appliance 7050 Firmware	<= 10.0.33.8195
Sonicwall	Email Security Appliance 7050	-
Sonicwall	Email Security Appliance 9000 Firmware	<= 10.0.33.8195
Sonicwall	Email Security Appliance 9000	-

Related Weaknesses (CWE)

CWE-494

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018Vendor Advisory

FAQ

What is CVE-2025-40604?

CVE-2025-40604 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore ac...

How severe is CVE-2025-40604?

CVE-2025-40604 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-40604?

Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Email Security Appliance 5000 Firmware, Sonicwall Email Security Appliance 5000, Sonicwall Email Security Appliance 5050 Firmware, Sonicwall Email Security Appliance 5050, Sonicwall Email Security Appliance 7000 Firmware.