fkie_cve-2025-40605
Vulnerability from fkie_nvd
Published
2025-11-20 15:17
Modified
2025-12-12 15:43
Summary
A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may allow access to files and directories outside the intended restricted path.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A1B8BFC-9721-491D-B803-1571D0702596",
              "versionEndIncluding": "10.0.33.8195",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:email_security_appliance_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA9126B7-5C64-4692-954C-6EF71261862C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E47DFE3-0731-4E63-99B4-14EBE778BB92",
              "versionEndIncluding": "10.0.33.8195",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:email_security_appliance_5050:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "271F06DD-8DAA-46EF-A803-659EA253CC63",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C2A297-95A8-48ED-BACC-81E8B7E85681",
              "versionEndIncluding": "10.0.33.8195",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:email_security_appliance_7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A114E829-5FC6-4321-8D28-C63EC09F9099",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD71CC1-27B3-4782-85A7-6D6F17C20A5E",
              "versionEndIncluding": "10.0.33.8195",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:email_security_appliance_7050:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "443B635B-6B08-479B-A635-26724B192BF0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C95DDA2E-E2DC-4F98-9901-0A10E7D0A168",
              "versionEndIncluding": "10.0.33.8195",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:email_security_appliance_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2434930-79AB-4AA9-AAC8-B116F3CD5CC0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path."
    }
  ],
  "id": "CVE-2025-40605",
  "lastModified": "2025-12-12T15:43:42.043",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-20T15:17:28.917",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-23"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    }
  ]
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

