vulnerability

SonicWall Email Security: CVE-2025-40604: Download of Code Without Integrity Check Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	Nov 19, 2025	Apr 29, 2026	May 25, 2026

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

Nov 19, 2025

Added

Apr 29, 2026

Modified

May 25, 2026

Description

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Solution

sonicwall-email-security-upgrade-100348215

References

CVE-2025-40604
https://attackerkb.com/topics/CVE-2025-40604
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-198274
CWE-494
EUVD-EUVD-2025-198274

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report