Critical Vulnerabilities Patched in Sophos Firewall

Posted on By CWS

Sophos this week introduced the rollout of patches for 5 vulnerabilities in Sophos Firewall that might result in distant code execution (RCE).

The primary problem, tracked as CVE-2025-6704 (CVSS rating of 9.8), is a essential arbitrary file writing flaw within the Safe PDF eXchange (SPX) characteristic of the equipment that might enable distant, unauthenticated attackers to execute arbitrary code.

In accordance with Sophos’s advisory, the bug impacts solely a fraction of firewall deployments, as it might probably solely be triggered if a particular configuration of SPX is enabled and if the firewall is working in Excessive Availability (HA) mode.

The second defect, tracked as CVE-2025-7624 (CVSS rating of 9.8), is an SQL injection problem within the legacy SMTP proxy of the equipment.

Additionally resulting in RCE, the vulnerability solely happens “if a quarantining coverage is energetic for E-mail and SFOS was upgraded from a model older than 21.0 GA”. Thus, it impacts lower than 1% of gadgets, Sophos says.

The corporate additionally resolved a high-severity command injection bug within the WebAdmin part of the firewall that might enable distant, unauthenticated attackers to execute arbitrary code on Excessive Availability (HA) auxiliary gadgets.

Tracked as CVE-2025-7382 (CVSS rating of 8.8), the flaw can solely be triggered if OTP authentication for the admin consumer is enabled.

Over the previous month, Sophos launched hotfixes to deal with these points in Firewall variations 19.0 MR2 (19.0.2.472), 20.0 MR2 (20.0.2.378), 20.0 MR3 (20.0.3.427), 21.0 GA (21.0.0.169), 21.0 MR1 (21.0.1.237), 21.0 MR1-1 (21.0.1.272), 21.0 MR1-2 (21.0.1.277), and 21.5 GA (21.5.0.171).Commercial. Scroll to proceed studying.

The patches had been additionally included in model 21.0 MR2 of the equipment.

The final two bugs described in Sophos’ advisory, CVE-2024-13974 and CVE-2024-13973, had been found within the equipment’s Up2Date and WebAdmin elements. Their exploitation requires that the attackers management the firewall’s DNS setting and that they’re logged in as directors, respectively.

Patches for these safety defects had been first included in Sophos Firewall model 21.0 MR1.

Prospects working older variations of the firewall are required to improve to obtain these patches, the corporate says. Sophos notes that it has not noticed these flaws being exploited within the wild.

Associated: Sophos Patches Essential Firewall Vulnerabilities

Associated: Oracle Patches 200 Vulnerabilities With July 2025 CPU

Associated: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact

Associated: Unpatched Ruckus Vulnerabilities Enable Wi-fi Atmosphere Hacking

Security Week News Tags:, , , ,

Related Posts

Apple Patches Safari Vulnerability Flagged as Exploited Against Chrome Security Week News
Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People Security Week News
British Department Store Harrods Warns Customers That Some Personal Details Taken in Data Breach Security Week News
Siemens Notifies Customers of Microsoft Defender Antivirus Issue Security Week News
F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data Security Week News
Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm Security Week News