{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40604","assignerOrgId":"44b2ff79-1416-4492-88bb-ed0da00c7315","state":"PUBLISHED","assignerShortName":"sonicwall","dateReserved":"2025-04-16T08:34:51.361Z","datePublished":"2025-11-20T12:17:14.138Z","dateUpdated":"2026-02-26T16:07:45.738Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","platforms":["Linux","Windows"],"product":"Email Security","vendor":"SonicWall","versions":[{"status":"affected","version":"10.0.33.8195 and earlier versions"}]}],"credits":[{"lang":"en","type":"finder","value":"Brian Mariani of DigitalCanion SA - www.digitalcanion.com"}],"datePublic":"2025-11-20T11:56:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.</span>"}],"value":"Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-494","description":"CWE-494 Download of Code Without Integrity Check","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"44b2ff79-1416-4492-88bb-ed0da00c7315","shortName":"sonicwall","dateUpdated":"2025-11-20T12:17:14.138Z"},"references":[{"tags":["vendor-advisory"],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018"}],"source":{"advisory":"SNWLID-2025-0018","discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"id":"CVE-2025-40604","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-11-21T05:02:06.793237Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T16:07:45.738Z"}}]}}