SonicWall has released security updates addressing two vulnerabilities in its Email Security appliances, including one that could allow persistent arbitrary code execution if exploited. The flaws—CVE-2025-40604 and CVE-2025-40605—impact both physical and virtual ES appliances, including VMware and Hyper-V deployments.
The company urges customers to update immediately, warning that vulnerable versions load critical system components without proper integrity checks and expose sensitive directories via path traversal sequences.
The most severe issue, CVE-2025-40604, is rated 7.2 on the CVSS scale. SonicWall describes it as a “Download of Code Without Integrity Check Vulnerability” affecting the Email Security appliance.
According to the advisory: “[The appliance] loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.”
Because the appliance trusts filesystem images without validation, an attacker with access to the underlying virtualization storage could tamper with system components and embed malicious logic that persists across reboots.
The second flaw, CVE-2025-40605 (CVSS 4.9), is a classic directory traversal issue.
SonicWall states: “A Path Traversal vulnerability… allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.”
While less severe than the code-execution vulnerability, this issue could still enable reconnaissance, configuration exposure, or unauthorized access to sensitive system data depending on deployment context.
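As an added defender-side illustration of the mitigation for the traversal class described above (this is example code, not SonicWall's), the resolver below canonicalizes each request against the restricted root and rejects anything whose real path leaves it, including `../` segments, absolute paths, and symlinks inside the root that point outside it. The directory layout, file names and contents are constructed for the example.

```python
import os
import tempfile


def resolve_within(base_dir: str, requested: str) -> str:
    """Return the absolute path for `requested` only if it stays inside base_dir.

    Raises ValueError when the request would escape the restricted root,
    whether through `../` segments, an absolute path, or a symlink that
    lives inside base_dir but resolves outside it.
    """
    base = os.path.realpath(base_dir)
    # realpath normalizes `..` segments and follows symlinks, so the check
    # is made on where the request really lands, not on its spelling.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath (rather than startswith) avoids the prefix trap where
    # /srv/data would wrongly accept /srv/data2/secret.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes restricted directory: {requested!r}")
    return candidate


def is_contained(base_dir: str, requested: str) -> bool:
    """Boolean form of resolve_within, convenient for policy checks and tests."""
    try:
        resolve_within(base_dir, requested)
        return True
    except ValueError:
        return False


def build_sandbox() -> str:
    """Create a constructed restricted tree with one symlink escaping it."""
    root = tempfile.mkdtemp(prefix="es-demo-")
    restricted = os.path.join(root, "restricted")
    os.makedirs(os.path.join(restricted, "reports"))
    with open(os.path.join(restricted, "reports", "daily.txt"), "w") as f:
        f.write("constructed sample report\n")
    with open(os.path.join(root, "outside.conf"), "w") as f:
        f.write("constructed sensitive config\n")
    # Symlink inside the restricted tree whose target is outside it.
    os.symlink(os.path.join(root, "outside.conf"),
               os.path.join(restricted, "reports", "link.conf"))
    return restricted
```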
SonicWall recommends all customers upgrade immediately.
| Fixed Product(s) | Fixed Versions |
| --- | --- |
| Email Security (ES Appliance 5000, 5050, 7000, 7050, 9000, VMware and Hyper-V) | 10.0.34.8215, 10.0.34.8223 and higher versions |