Email Security Appliance 5000 Firmware
CVE-2025-40605
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.
AnalysisAI
A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-23. A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path. Affected products include: Sonicwall Email Security Appliance 5000 Firmware, Sonicwall Email Security Appliance 5050 Firmware, Sonicwall Email Security Appliance 7000 Firmware, Sonicwall Email Security Appliance 7050 Firmware, Sonicwall Email Security Appliance 9000 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload a
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem i
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today