CVE-2025-40605
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2Tags
Description
A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.
Analysis
A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified under CWE-23. A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path. Affected products include: Sonicwall Email Security Appliance 5000 Firmware, Sonicwall Email Security Appliance 5050 Firmware, Sonicwall Email Security Appliance 7000 Firmware, Sonicwall Email Security Appliance 7050 Firmware, Sonicwall Email Security Appliance 9000 Firmware.
Affected Products
Sonicwall Email Security Appliance 5000 Firmware, Sonicwall Email Security Appliance 5050 Firmware, Sonicwall Email Security Appliance 7000 Firmware, Sonicwall Email Security Appliance 7050 Firmware, Sonicwall Email Security Appliance 9000 Firmware.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today