
Critical Vulnerabilities Patched in Sophos Firewall

Sophos has patched five vulnerabilities in Sophos Firewall that could allow remote attackers to execute arbitrary code. The post Critical Vulnerabilities Patched in Sophos Firewall appeared first on SecurityWeek.


Sophos this week announced the rollout of patches for five vulnerabilities in Sophos Firewall that could lead to remote code execution (RCE).

The first issue, tracked as CVE-2025-6704 (CVSS score of 9.8), is a critical arbitrary file write flaw in the Secure PDF eXchange (SPX) feature of the appliance that could allow remote, unauthenticated attackers to execute arbitrary code.

According to Sophos’s advisory, the bug impacts only a fraction of firewall deployments, as it can only be triggered if a specific configuration of SPX is enabled and if the firewall is running in High Availability (HA) mode.

The second defect, tracked as CVE-2025-7624 (CVSS score of 9.8), is an SQL injection issue in the legacy SMTP proxy of the appliance.

Also leading to RCE, the vulnerability only occurs “if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA”. Thus, it impacts less than 1% of devices, Sophos says.

The company also resolved a high-severity command injection bug in the WebAdmin component of the firewall that could allow remote, unauthenticated attackers to execute arbitrary code on High Availability (HA) auxiliary devices.

Tracked as CVE-2025-7382 (CVSS score of 8.8), the flaw can only be triggered if OTP authentication for the admin user is enabled.

Over the past month, Sophos released hotfixes to address these issues in Firewall versions 19.0 MR2 (19.0.2.472), 20.0 MR2 (20.0.2.378), 20.0 MR3 (20.0.3.427), 21.0 GA (21.0.0.169), 21.0 MR1 (21.0.1.237), 21.0 MR1-1 (21.0.1.272), 21.0 MR1-2 (21.0.1.277), and 21.5 GA (21.5.0.171).

The patches were also included in version 21.0 MR2 of the appliance.

The last two bugs described in Sophos’ advisory, CVE-2024-13974 and CVE-2024-13973, were discovered in the appliance’s Up2Date and WebAdmin components. Their exploitation requires that the attackers control the firewall’s DNS environment and that they are logged in as administrators, respectively.

Patches for these security defects were first included in Sophos Firewall version 21.0 MR1.

Customers running older versions of the firewall are required to upgrade to receive these patches, the company says. Sophos notes that it has not observed these flaws being exploited in the wild.
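To turn the advisory conditions above into a fleet triage, here is an added example (not Sophos's code and not from SecurityWeek) that flags which of the three configuration-gated CVEs still apply to each device in an inventory. The inventory records and their field names are constructed assumptions, not the output of any Sophos API; a build is treated as fixed only if it is 21.0 MR2 or later, or is one of the hotfixed builds listed in the article with the hotfix recorded as applied.

```python
"""Exposure triage for the Sophos Firewall CVEs summarised in the article.

Constructed example: the Device fields are assumptions maintained by the operator,
not values read from the appliance. Builds that are neither 21.0 MR2+ nor a listed
hotfixed build are conservatively treated as unpatched.
"""
from dataclasses import dataclass

# Builds for which Sophos shipped hotfixes, as listed in the article.
HOTFIXED_BUILDS = {
    "19.0.2.472", "20.0.2.378", "20.0.3.427", "21.0.0.169",
    "21.0.1.237", "21.0.1.272", "21.0.1.277", "21.5.0.171",
}


@dataclass
class Device:
    name: str
    build: str                     # numeric SFOS build, e.g. "21.0.1.277"
    hotfix_applied: bool           # assumption: operator-tracked flag
    ha_mode: bool                  # running in High Availability mode
    spx_enabled: bool              # the SPX configuration named in the advisory
    email_quarantine: bool         # quarantining policy active for Email
    upgraded_from_pre_21_ga: bool  # SFOS upgraded from a version older than 21.0 GA
    admin_otp: bool                # OTP authentication enabled for the admin user


def build_tuple(build: str) -> tuple[int, ...]:
    """Parse "21.0.1.277" into (21, 0, 1, 277) for ordered comparison."""
    return tuple(int(part) for part in build.split("."))


def patched(device: Device) -> bool:
    """21.0 MR2 (21.0.2.x) and later carry the fixes; hotfixed builds need the hotfix."""
    version = build_tuple(device.build)
    if version[:2] == (21, 0) and version >= (21, 0, 2):
        return True
    return device.build in HOTFIXED_BUILDS and device.hotfix_applied


def exposures(device: Device) -> list[str]:
    """Return the CVEs whose stated preconditions hold on an unpatched device."""
    if patched(device):
        return []
    found = []
    if device.spx_enabled and device.ha_mode:          # CVE-2025-6704: SPX config + HA
        found.append("CVE-2025-6704")
    if device.email_quarantine and device.upgraded_from_pre_21_ga:
        found.append("CVE-2025-7624")                  # legacy SMTP proxy SQLi
    if device.admin_otp and device.ha_mode:            # CVE-2025-7382: OTP admin, HA auxiliary
        found.append("CVE-2025-7382")
    return found
```

Devices that come back with an empty list still need CVE-2024-13974 and CVE-2024-13973 considered separately, since those depend on attacker position (DNS control, admin login) rather than on configuration.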
