Sophos fixed two critical Sophos Firewall vulnerabilities

Sophos addressed five Sophos Firewall vulnerabilities that could allow remote attackers to execute arbitrary code.

Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973) in Sophos Firewall that could allow an attacker to remotely execute arbitrary code.

“Sophos has resolved five independent security vulnerabilities in Sophos Firewall. Every Critical and High severity vulnerability was remediated through hotfixes,” reads the advisory. “No action is required for Sophos Firewall customers to receive these fixes with the ‘Allow automatic installation of hotfixes’ feature enabled on remediated versions (see Remediation section below). Enabled is the default setting.”

The critical flaw CVE-2025-6704 (CVSS score of 9.8) in Sophos Firewall’s SPX feature can lead to pre-auth remote code execution if combined with HA mode. The issue affects ~0.05% of devices and was responsibly disclosed via Sophos’ bug bounty program.

The flaw CVE-2025-7624 (CVSS score of 9.8) is an SQL injection in Sophos Firewall’s legacy SMTP proxy that may allow remote code execution if email quarantining is active and the system was upgraded from pre-21.0 GA versions. It affects up to 0.73% of devices and was responsibly disclosed via Sophos’ bug bounty program.

The remaining flaws addressed by the cybersecurity firm are two high-severity vulnerabilities, respectively tracked as CVE-2025-7382 and CVE-2024-13974, and a medium-severity issue tracked as CVE-2024-13973.

CVE-2025-7382 (CVSS score of 8.8) is a command injection in WebAdmin that may allow adjacent attackers to execute code pre-auth on HA auxiliary devices if OTP is enabled. It affects ~1% of devices.

CVE-2024-13974 (CVSS score of 8.1) is a business logic flaw in the Up2Date component that could let attackers control DNS settings and achieve remote code execution. Both were responsibly disclosed.

In December 2024, Sophos fixed three Sophos Firewall flaws that could lead to SQL injection, privileged SSH access to devices, and remote code execution.

Pierluigi Paganini

(SecurityAffairs – hacking, Sophos Firewall)