Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices
Briefly

Sophos has alerted users to critical vulnerabilities in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances, which can be exploited for remote code execution. Key vulnerabilities include CVE-2025-6704 and CVE-2025-7624, both with CVSS scores of 9.8. CVE-2025-6704 involves arbitrary file writing in the Secure PDF eXchange feature, while CVE-2025-7624 is an SQL injection in the SMTP proxy. Additional vulnerabilities were also patched, with two discovered by the U.K. National Cyber Security Centre, affecting previous versions of Sophos Firewall.
CVE-2025-6704 is an arbitrary file writing vulnerability in the Secure PDF eXchange feature that can lead to pre-auth remote code execution if configured in HA mode.
CVE-2025-7624 is an SQL injection vulnerability in the transparent SMTP proxy affecting devices with an active quarantining policy, leading to remote code execution.
Sophos addresses multiple vulnerabilities, including CVE-2025-7382, which is a high-severity command injection vulnerability in the WebAdmin component.
The U.K. National Cyber Security Centre discovered CVE-2024-13974 and CVE-2024-13973, which allow attackers to control DNS to achieve remote code execution.
Read at The Hacker News