Post

Critical Sophos Firewall Vulnerabilities Addressed: Enhancing Cybersecurity

Posted
By Tom Grant
2 min read
Critical Sophos Firewall Vulnerabilities Addressed: Enhancing Cybersecurity

TL;DR

Sophos has addressed five critical and high-severity vulnerabilities in its Firewall product, which could allow remote attackers to execute arbitrary code. The fixes were applied through hotfixes, with no user action required for those with automatic updates enabled.

Sophos Resolves Five Critical Vulnerabilities in Sophos Firewall

Sophos has recently addressed five significant vulnerabilities in its Firewall product, which could enable remote attackers to execute arbitrary code. These vulnerabilities, identified as CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, and CVE-2024-13973, were resolved through hotfixes, ensuring that users with automatic updates enabled are protected without needing to take any additional actions1.

Details of the Vulnerabilities

Critical Flaws

  1. CVE-2025-6704 (CVSS score of 9.8)
    • Description: A critical flaw in the SPX feature of Sophos Firewall could lead to pre-auth remote code execution when combined with HA mode.
    • Impact: Affects approximately 0.05% of devices.
    • Disclosure: Responsibly disclosed via Sophos’ bug bounty program.
  2. CVE-2025-7624 (CVSS score of 9.8)
    • Description: An SQL injection vulnerability in the legacy SMTP proxy of Sophos Firewall could allow remote code execution if email quarantining is active and the system was upgraded from pre-21.0 GA versions.
    • Impact: Affects up to 0.73% of devices.
    • Disclosure: Responsibly disclosed via Sophos’ bug bounty program.

High-Severity Flaws

  1. CVE-2025-7382 (CVSS score of 8.8)
    • Description: A command injection vulnerability in WebAdmin could enable adjacent attackers to execute code pre-auth on HA auxiliary devices if OTP is enabled.
    • Impact: Affects approximately 1% of devices.
  2. CVE-2024-13974 (CVSS score of 8.1)
    • Description: A business logic flaw in the Up2Date component could allow attackers to control DNS settings and achieve remote code execution.
    • Disclosure: Responsibly disclosed.

Medium-Severity Flaw

  1. CVE-2024-13973
    • Description: Details of this medium-severity issue were not disclosed, but it has been addressed along with the other vulnerabilities.

Previous Vulnerabilities

In December 2024, Sophos addressed three other critical vulnerabilities in its Firewall product. These flaws could have led to SQL injection, privileged SSH access to devices, and remote code execution2.

Conclusion

Sophos’ proactive approach to addressing these vulnerabilities underscores the importance of continuous monitoring and prompt patching in maintaining robust cybersecurity defenses. Users are advised to ensure that their systems are configured to receive automatic updates to benefit from these critical security fixes.

References

  1. Sophos (2025). “Sophos Security Advisory”. Sophos. Retrieved 2025-07-23. ↩︎

  2. Security Affairs (2024). “Sophos Firewall Critical Vulnerabilities”. Security Affairs. Retrieved 2025-07-23. ↩︎

Cybersecurity & Data Protection, Vulnerabilities
cybersecurity sophos firewall vulnerability
This post is licensed under CC BY 4.0 by the author.