Sophos Firewall Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sophos Firewall Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-7624 — CVSS 9.8 (critical): An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to…
CVE-2025-6704 — CVSS 9.8 (critical): An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2)…
CVE-2024-12727 — CVSS 9.8 (critical): A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows…
CVE-2024-12728 — CVSS 9.8 (critical): A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3…
CVE-2024-12729 — CVSS 8.8 (high): A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older…
CVE-2025-7382 — CVSS 8.8 (high): A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers…
CVE-2021-25268 — CVSS 8.4 (high): Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than…
CVE-2024-13974 — CVSS 8.1 (high): A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers…
CVE-2024-13973 — CVSS 6.8 (medium): A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to…
CVE-2021-25267 — CVSS 6.8 (medium): Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version…