Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.
The SonicWall Email Security device loads root filesystem images during updates or startup without verifying their integrity or signature authenticity. An attacker with access to a VMDK file or datastore of the virtualized environment can substitute or modify these images. Once the manipulated image is loaded, malicious code is executed with system privileges, providing the attacker with persistent and arbitrary code execution on the device.
An attacker can obtain persistent, full control over the device through arbitrary code execution at the operating system level, which means complete violation of confidentiality, integrity, and availability of processed email and infrastructure.
Apply patches available from the vendor according to the references (https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018). Additionally, restrict access to VMDK files and datastores of the virtualized environment exclusively to trusted, authorized administrators and systems.
SonicWall Email Security Appliance 5000, SonicWall Email Security Appliance 5000 Firmware, SonicWall Email Security Appliance 5050 Firmware, SonicWall Email Security Appliance 7000, SonicWall Email Security Appliance 9000 — exact firmware versions indicated in vendor references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSonicwall Email Security Appliance 5000
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 5000 Firmware
OSSonicwall≤ 10.0.33.8195Sonicwall Email Security Appliance 5050
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 5050 Firmware
OSSonicwall≤ 10.0.33.8195Sonicwall Email Security Appliance 7000
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 7000 Firmware
OSSonicwall≤ 10.0.33.8195Sonicwall Email Security Appliance 7050
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 7050 Firmware
OSSonicwall≤ 10.0.33.8195Sonicwall Email Security Appliance 9000
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 9000 Firmware
OSSonicwall≤ 10.0.33.8195
Related vulnerabilities
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrativ...
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker t...
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker t...
A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manip...
SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE