CVE-2025-40605

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-40605
A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_5000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_5050:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_7000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_7050:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_9000:-:*:*:*:*:*:*:*
History

12 Dec 2025, 15:43

Type Values Removed Values Added
CPE cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_5000:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_5050:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_7050:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_9000:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:email_security_appliance_7000:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:*:*:*:*:*:*:*:*
References () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018 - () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018 - Vendor Advisory
First Time Sonicwall email Security Appliance 9000 Firmware
Sonicwall email Security Appliance 5000 Firmware
Sonicwall email Security Appliance 5050
Sonicwall email Security Appliance 5050 Firmware
Sonicwall email Security Appliance 5000
Sonicwall email Security Appliance 9000
Sonicwall email Security Appliance 7000
Sonicwall email Security Appliance 7050 Firmware
Sonicwall email Security Appliance 7050
Sonicwall
Sonicwall email Security Appliance 7000 Firmware

20 Nov 2025, 19:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

20 Nov 2025, 15:17

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-20 15:17

Updated : 2025-12-12 15:43

NVD link : CVE-2025-40605

Mitre link : CVE-2025-40605

CVE.ORG link : CVE-2025-40605

JSON object : View

Products Affected

sonicwall

  • email_security_appliance_5000_firmware
  • email_security_appliance_5050
  • email_security_appliance_7000
  • email_security_appliance_5000
  • email_security_appliance_7000_firmware
  • email_security_appliance_9000_firmware
  • email_security_appliance_9000
  • email_security_appliance_5050_firmware
  • email_security_appliance_7050_firmware
  • email_security_appliance_7050
CWE
CWE-23

Relative Path Traversal