CVE-2025-7624

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sophos Firewall versions prior to 21.0 MR2 (21.0.2)

Description An SQL injection vulnerability exists in the legacy (transparent) SMTP proxy. Successful exploitation can lead to remote code execution if a quarantining policy is active for Email and the Sophos Firewall Operating System (SFOS) was upgraded from a version older than 21.0 GA.

Recommendations Update Sophos Firewall to version 21.0 MR2 (21.0.2) or later.

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2025-14339

CVE-2025-7624

Affected Products

Sophos Firewall

CVE-2025-7624

Weakness Enumeration

Related Identifiers

Affected Products

References · 27