Close Menu
Cybercrime and Ransomware

Essential Security Update: Sophos Firewall Vulnerabilities Patched

Staff WriterBy No Comments4 Mins Read0 Views

Top Highlights

  1. Critical Vulnerabilities: Sophos has patched five vulnerabilities in its Firewall software, including two high-severity remote code execution (RCE) vulnerabilities (CVE-2025-6704 and CVE-2025-7624), both with a CVSS score of 9.8.

  2. Limited Impact: These critical flaws affect only a small percentage of devices, primarily under specific configurations: CVE-2025-6704 relates to the Secure PDF eXchange feature in High Availability mode, while CVE-2025-7624 involves SQL injection in the legacy SMTP proxy, impacting devices upgraded from versions older than 21.0 GA.

  3. Additional Issues: A command injection bug (CVE-2025-7382) with a CVSS score of 8.8 also allows RCE but requires that OTP authentication for the admin user is enabled, and relates to High Availability auxiliary devices.

  4. Patch Version Requirement: To secure their systems, customers running older versions must upgrade to the latest firmware, as these patches are included in versions starting from 21.0 MR1; no exploitation of these vulnerabilities has been reported in the wild.

The Issue

This week, Sophos reported significant advancements in cybersecurity through the release of patches addressing five vulnerabilities in their Firewall software that could facilitate remote code execution (RCE). Among these, the critical flaw designated CVE-2025-6704, with a CVSS score of 9.8, arises from the Secure PDF eXchange (SPX) feature, enabling remote attackers to execute arbitrary code under specific conditions. This vulnerability affects only a minority of configurations, particularly those operating in High Availability (HA) mode. Another critical issue, CVE-2025-7624, also scoring 9.8, is tied to SQL injection in the legacy SMTP proxy, impacting less than 1% of devices due to its dependence on a quarantining policy from previous software versions.

Additionally, vulnerabilities CVE-2025-7382, with an 8.8 score, and two others—CVE-2024-13974 and CVE-2024-13973—were identified in the WebAdmin and Up2Date components, further exposing the administration side of the firewall to potential exploitation. Sophos emphasized that exploitation of these vulnerabilities has not yet been observed in real-world scenarios. Their advisory also highlights that customers using outdated versions of the firewall need to upgrade to implement the necessary security measures successfully. Sophos’s proactive approach reflects their commitment to safeguarding user systems against emerging threats in a rapidly evolving cyber landscape.

Risks Involved

The recent identification of five critical vulnerabilities in Sophos Firewall poses significant risks not only to those directly affected but also to a broader ecosystem of businesses, users, and organizations. The notorious remote code execution capabilities of these flaws—particularly CVE-2025-6704 and CVE-2025-7624, both with alarming CVSS scores of 9.8—allow malicious actors to potentially infiltrate networks linked with vulnerable systems. Even though Sophos asserts that these vulnerabilities impact a limited number of devices under specific configurations, the interconnected nature of digital infrastructures amplifies the threat. If exploited, these weaknesses could serve as gateways for ransomware attacks, data breaches, and unauthorized access, jeopardizing sensitive information and eroding trust between partners and customers. In essence, the ramifications ripple outward as compromised entities could inadvertently endanger their supply chains or client bases, leading to substantial financial losses, reputational damage, and heightened regulatory scrutiny. Thus, the urgency to apply patches and upgrade software cannot be overstated for all stakeholders in the networked landscape.

Possible Actions

Timely remediation is essential in safeguarding systems from potential threats, particularly with regards to critical vulnerabilities patched in Sophos Firewall. The rapid application of updates and patches can significantly reduce the window of opportunity for malicious actors.

Mitigation Steps

  1. Immediate Patch Application
  2. Conduct Vulnerability Assessment
  3. Enhance Firewall Rules
  4. User Awareness Training
  5. Regular System Audits
  6. Incident Response Plan Review

NIST Guidance
NIST Cybersecurity Framework (CSF) emphasizes proactive risk management strategies, underscoring the necessity for regular updates and assessments. Refer to NIST SP 800-53 for detailed controls and administrative practices that can mitigate these vulnerabilities effectively.

Stay Ahead in Cybersecurity

Stay informed on the latest Threat Intelligence and Cyberattacks.

Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.