CVE-2025-40604

CVE-2025-40604

Vendor Sonicwall
Product Email Security
Weakness CWE-494 · Download without integrity check
Published November 20, 2025
Last update February 26, 2026

CVSS base score

What the vulnerability does

01Description

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

Key dates

02Disclosure timeline

November 20, 2025 CVE published
February 26, 2026 Record updated