PT-2025-30272 · Sophos · Sophos Firewall

Published: 2025-07-21 · Updated: 2025-07-26 · CVE-2025-7382

CVSS v3.1: 8.8
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Sophos Firewall versions prior to 21.0 MR2 (21.0.2)

Description:

A command injection vulnerability exists in the WebAdmin component of Sophos Firewall. An attacker on an adjacent network can exploit it to achieve pre-authentication code execution on High Availability (HA) auxiliary devices when One-Time Password (OTP) authentication is enabled for the admin user.

Recommendations:

Update Sophos Firewall to version 21.0 MR2 (21.0.2) or later.

Fix

RCE · OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2025-7382

Affected Products: Sophos Firewall