Path Traversal in Sonicwall Email Security

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories out…

EPSS: 0.000 (13.9th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Email Security — versions 10.0.33.8195 and earlier versions

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018 (vendor-advisory)